author: bcook <> 2016-01-04 02:04:56 +0000
committer: bcook <> 2016-01-04 02:04:56 +0000
commit: 22d4dbcaf1865fd8350ef5930ed1c8b375cbef42
tree: 301d6c8f4507972102a4f8fd3f8365395280a1b8 /src/lib/libc
parent: 3c78bc879ca4a6912fae9f0dcf0053c399e44a69
Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1.
Work around this particular case by reseeding whenever pid=1, but as guenther@ notes, directly calling clone(2), and then forking to match another pid, provides other ways to bypass new process detection on Linux.

Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and does not invent a corresponding mechanism to subvert it.

Noted by Sebastian Krahmer and the opmsg team.

See http://stealth.openwall.net/crypto/randup.c for a test program.

ok beck@
Diffstat (limited to 'src/lib/libc')
0 files changed, 0 insertions, 0 deletions
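
An added example, not code from the OpenBSD tree: a pid-comparison fork check with and without the pid=1 workaround the commit message describes, run over constructed pid pairs. The struct, enum and function names are hypothetical, and the pid is passed in as a parameter instead of coming from getpid(2) so the cases are reproducible without creating namespaces.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical generator state: only the fields the check needs. */
struct rng_state {
	pid_t seeded_pid;   /* pid recorded at last (re)seed, 0 = never seeded */
	unsigned reseeds;   /* number of times the state was rekeyed */
};

enum policy { PID_COMPARE_ONLY, PID_COMPARE_PLUS_PID1 };

/* Returns 1 if the state was discarded and reseeded for this caller. */
static int
rng_forkdetect(struct rng_state *rs, pid_t pid, enum policy p)
{
	int stale = rs->seeded_pid == 0 || rs->seeded_pid != pid;

	/* Workaround from the commit message: pid 1 is never trusted,
	 * because every CLONE_NEWPID namespace has its own pid 1. */
	if (p == PID_COMPARE_PLUS_PID1 && pid == 1)
		stale = 1;
	if (stale) {
		rs->seeded_pid = pid;
		rs->reseeds++;   /* real code would zero the state and rekey here */
	}
	return stale;
}

/* Seed as parent_pid, copy the state as fork/clone would, check as child_pid. */
static int
child_reseeds(pid_t parent_pid, pid_t child_pid, enum policy p)
{
	struct rng_state parent = { 0, 0 }, child;

	rng_forkdetect(&parent, parent_pid, p);
	child = parent;              /* child inherits the parent's memory */
	return rng_forkdetect(&child, child_pid, p);
}

int
main(void)
{
	printf("fork 4242 -> 4243, compare only: %d\n", child_reseeds(4242, 4243, PID_COMPARE_ONLY));
	printf("pid 1 -> pid 1 in new namespace, compare only: %d\n", child_reseeds(1, 1, PID_COMPARE_ONLY));
	printf("pid 1 -> pid 1 in new namespace, workaround: %d\n", child_reseeds(1, 1, PID_COMPARE_PLUS_PID1));
	printf("child with parent's pid 4242, workaround: %d\n", child_reseeds(4242, 4242, PID_COMPARE_PLUS_PID1));
	return 0;
}
```

The last case returns 0: a child whose pid equals the cached non-1 pid still shares the parent's state, which is the remaining gap the commit message attributes to guenther@.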