diff options
| author | bcook <> | 2016-01-04 02:04:56 +0000 | 
|---|---|---|
| committer | bcook <> | 2016-01-04 02:04:56 +0000 | 
| commit | 0f894628446dec0db2f00dac168dac6bcb7dd705 (patch) | |
| tree | 301d6c8f4507972102a4f8fd3f8365395280a1b8 /src/lib/libc/stdlib/lsearch.c | |
| parent | fc1b61ff7d2b1dfc2853e6759ce2780b4a72f280 (diff) | |
| download | openbsd-0f894628446dec0db2f00dac168dac6bcb7dd705.tar.gz openbsd-0f894628446dec0db2f00dac168dac6bcb7dd705.tar.bz2 openbsd-0f894628446dec0db2f00dac168dac6bcb7dd705.zip | |
Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1.
Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then forking to match another pid,
provides other ways to bypass new process detection on Linux.
Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
does not invent a corresponding mechanism to subvert it.
Noted by Sebastian Krahmer and the opmsg team.
See http://stealth.openwall.net/crypto/randup.c for a test program.
ok beck@
Diffstat (limited to 'src/lib/libc/stdlib/lsearch.c')
0 files changed, 0 insertions, 0 deletions
