1 |
Cory, |
2 |
Thanks. |
3 |
I'll continue this thread with you in the bug # |
4 |
|
5 |
On Wed, 2004-05-12 at 13:08, Cory Visi wrote: |
6 |
> Hello, I recently completed the development and testing for an |
7 |
> implementation of SSP utilizing frandom as previously discussed on this |
8 |
> list. It was a complete success, and I'm pleased to offer it up to |
9 |
> everyone interested. |
10 |
> |
11 |
> Here is the bugzilla link with all the necessary files and instructions: |
12 |
> http://bugs.gentoo.org/show_bug.cgi?id=50864 |
13 |
> |
14 |
> To save everyone a step, here is the main portion of the docs: |
15 |
> |
16 |
> Firstly, my development server is running 2.6.5-wolk3.0-rc2. It was |
17 |
> necessary to rework the frandom kernel patch for this kernel version. The |
18 |
> patch is attached and has also been submitted to the frandom author. For |
19 |
> 2.4 kernels, the included patch should work fine. |
20 |
> |
21 |
> The ssp-v6.c is based on Ned's (solar's) ssp5.c. I made only the change of |
22 |
> including config.h and sysctl.h. Also, I changed the ifdef's to |
23 |
> HAVE_DEV_ERANDOM. Finally, I merged the one small cosmetic change from |
24 |
> glibc-2.3.3_pre20040117-signal-ssp.diff (this patch is now obsolete). |
25 |
> |
26 |
> The attached glibc-2.3.2-propolice-guard-functions-v3.patch is simply the |
27 |
> v2 version with the ssp.c portion removed. The ssp.c is copied from files/ |
28 |
> in the ebuild now to allow for easy changes. This was requested by Ned. |
29 |
> |
30 |
> The only major change is the attached glibc-2.3.3-frandom-detect.patch. |
31 |
> This patches glibc's configure.in to detect the existance of /dev/erandom |
32 |
> and use it for SSP functionality. |
33 |
> |
34 |
> I'm not positive this is the best method for detection. We don't want |
35 |
> ssp.c to have to execute multiple open()'s on each exec, so a compile-time |
36 |
> implementation seems necessary. I'm not sure merely checking for the |
37 |
> existance of /dev/erandom is the best method to detect. Furthermore, the |
38 |
> Linux kernel team seems to feel frandom/erandom should be implemented at |
39 |
> the user level. The beauty of erandom is that it seeds itself once (from |
40 |
> frandom) and does not use any more kernel entropy for subsequent calls. A |
41 |
> user level implementation would require a background process to manage a |
42 |
> persistent random pool that seeds itself only when necessary. This seems |
43 |
> like it's going too far for a glibc patch. Finally, I am considering |
44 |
> removing the sysctl pieces from ssp.c, because they are not needed, and a |
45 |
> /dev interface is more portable. This topic needs to stay open for |
46 |
> discussion. |
47 |
> |
48 |
> I have also attached a tar.gz of the portage directory. This is intended |
49 |
> to act as an overlay directory. You can untar it in /usr/local/portage or |
50 |
> something. I apologize for reworking the glibc ebuild, but it was just too |
51 |
> confusing. I went through all the patches and files in the files/ |
52 |
> directory and took out only what was needed for this branch update ebuild. |
53 |
> I moved all these patches into files/2.3.3 and reworked the ebuild to |
54 |
> reflect the proper version. This is a suggestion for clean-up, but mostly |
55 |
> it's just so I could test and develop more easily. |
56 |
> |
57 |
> Please let me know how this works for you. |
58 |
> |
59 |
> Thanks, |
60 |
> Cory Visi |
61 |
> |
62 |
> -- |
63 |
> gentoo-hardened@g.o mailing list |
64 |
-- |
65 |
Ned Ludd <solar@g.o> |
66 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |