CVSROOT: /cvs Module name: src Changes by: bc...@cvs.openbsd.org 2016/01/03 19:04:56
Modified files: lib/libcrypto/crypto: arc4random_linux.h Log message: Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1. Work around this particular case by reseeding whenever pid=1, but as guenther@ notes, directly calling clone(2), and then forking to match another pid, provides other ways to bypass new process detection on Linux. Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and does not invent a corresponding mechanism to subvert it. Noted by Sebastian Krahmer and the opmsg team. See http://stealth.openwall.net/crypto/randup.c for a test program. ok beck@