From 22d4dbcaf1865fd8350ef5930ed1c8b375cbef42 Mon Sep 17 00:00:00 2001
From: bcook <>
Date: Mon, 4 Jan 2016 02:04:56 +0000
Subject: Calling clone(2) with CLONE_NEWPID yields multiple processes with
 pid=1.

Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then forking to match another pid,
provides other ways to bypass new process detection on Linux.
Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
does not invent a corresponding mechanism to subvert it.

Noted by Sebastian Krahmer and the opmsg team.
See http://stealth.openwall.net/crypto/randup.c for a test program.

ok beck@
---
 src/lib/libcrypto/arc4random/arc4random_linux.h | 5 +++--
 src/lib/libcrypto/crypto/arc4random_linux.h     | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/arc4random/arc4random_linux.h b/src/lib/libcrypto/arc4random/arc4random_linux.h
index 3296fdeca1..303deb5786 100644
--- a/src/lib/libcrypto/arc4random/arc4random_linux.h
+++ b/src/lib/libcrypto/arc4random/arc4random_linux.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: arc4random_linux.h,v 1.9 2015/01/15 06:57:18 deraadt Exp $	*/
+/*	$OpenBSD: arc4random_linux.h,v 1.10 2016/01/04 02:04:56 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -60,7 +60,8 @@ _rs_forkdetect(void)
 	static pid_t _rs_pid = 0;
 	pid_t pid = getpid();
 
-	if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
+        /* XXX unusual calls to clone() can bypass checks */
+	if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) {
 		_rs_pid = pid;
 		_rs_forked = 0;
 		if (rs)
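Review bot: The comment added above the condition in `_rs_forkdetect` does not say why pid 1 is special-cased or what the special case costs, and it is indented with spaces where the surrounding lines use tabs. Once the cached pid is 1, `_rs_pid == 1` is true on every call, so a process that legitimately runs as pid 1 (a container's init process, for instance) takes this branch each time; the branch body continues outside the hunk, but if it discards the generator state, as the `if (rs)` line suggests, that is a full reseed per request and worth stating. I would replace the comment with a tab-indented `/* Every CLONE_NEWPID child sees pid 1, so a cached pid of 1 cannot show we are the same process: always reseed. A raw clone(2) that lands on any other cached pid is still undetected. */`. The identical hunk in src/lib/libcrypto/crypto/arc4random_linux.h needs the same wording.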
diff --git a/src/lib/libcrypto/crypto/arc4random_linux.h b/src/lib/libcrypto/crypto/arc4random_linux.h
index 3296fdeca1..303deb5786 100644
--- a/src/lib/libcrypto/crypto/arc4random_linux.h
+++ b/src/lib/libcrypto/crypto/arc4random_linux.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: arc4random_linux.h,v 1.9 2015/01/15 06:57:18 deraadt Exp $	*/
+/*	$OpenBSD: arc4random_linux.h,v 1.10 2016/01/04 02:04:56 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -60,7 +60,8 @@ _rs_forkdetect(void)
 	static pid_t _rs_pid = 0;
 	pid_t pid = getpid();
 
-	if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
+        /* XXX unusual calls to clone() can bypass checks */
+	if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) {
 		_rs_pid = pid;
 		_rs_forked = 0;
 		if (rs)
-- 
cgit v1.2.3-55-g6feb