>CVSROOT: /cvs
>Module name: src
>Changes by: bc...@cvs.openbsd.org 2016/01/03 19:04:56
>
>Modified files:
> lib/libcrypto/crypto: arc4random_linux.h
>
>Log message:
>Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1.
>
>Work around this particular case by reseeding whenever pid=1, but as guenther@
>notes, directly calling clone(2), and then forking to match another pid,
>provides other ways to bypass new process detection on Linux.
>Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
>does not invent a corresponding mechanism to subvert it.
>
>Noted by Sebastian Krahmer and the opmsg team.
>See http://stealth.openwall.net/crypto/randup.c for a test program.
>
>ok beck@

So in other words, LibreSSL has to account for this Linux behaviour. Yet the Linux behaviour persists. What other pieces of software are not being held to account for this? I'll leave that interesting question hanging.
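
The pid-based new-process check that the quoted log message refers to, modelled as an added example (not LibreSSL's code and not part of the original post). The struct, the function names and the pid values are constructed for illustration; the child's state is a plain copy of the parent's, as it would be after fork(2) or clone(2).

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model of a PRNG's fork-detection state (not LibreSSL's struct). */
struct rng_model {
    pid_t cached_pid;   /* pid seen at the last (re)seed; 0 = never seeded */
};

/* Plain pid comparison: reseed only when the pid differs from the cached one. */
static bool check_pid_only(struct rng_model *r, pid_t now)
{
    if (r->cached_pid == 0 || r->cached_pid != now) {
        r->cached_pid = now;
        return true;    /* caller must reseed */
    }
    return false;       /* looks like the same process: keep the key stream */
}

/* Same check plus the workaround from the log message: reseed whenever pid=1. */
static bool check_with_pid1(struct rng_model *r, pid_t now)
{
    if (r->cached_pid == 0 || now == 1 || r->cached_pid != now) {
        r->cached_pid = now;
        return true;
    }
    return false;
}

/* Parent seeds on first use; the child inherits a copy of that state and
 * then runs the check with the pid it observes. Returns the child's result. */
static bool child_reseeds(bool (*check)(struct rng_model *, pid_t),
                          pid_t parent_pid, pid_t child_pid)
{
    struct rng_model parent = { 0 };
    check(&parent, parent_pid);
    struct rng_model child = parent;   /* memory duplicated at fork/clone */
    return check(&child, child_pid);
}

int main(void)
{
    /* Constructed pids: ordinary fork, nested CLONE_NEWPID, equal non-1 pids. */
    printf("1000->1001 pid-only:  %d\n", child_reseeds(check_pid_only, 1000, 1001));
    printf("1->1       pid-only:  %d\n", child_reseeds(check_pid_only, 1, 1));
    printf("1->1       with pid1: %d\n", child_reseeds(check_with_pid1, 1, 1));
    printf("4242->4242 with pid1: %d\n", child_reseeds(check_with_pid1, 4242, 4242));
    return 0;
}
```

The last case is the residual gap the log message attributes to guenther@: any check keyed on the pid value cannot tell two processes apart once they observe the same pid, which is why the message hopes for a mechanism like MAP_INHERIT_ZERO instead.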