| 1 |
Cory, |
| 2 |
Thanks. |
| 3 |
I'll continue this thread with you in the bug # |
| 4 |
|
| 5 |
On Wed, 2004-05-12 at 13:08, Cory Visi wrote: |
| 6 |
> Hello, I recently completed the development and testing for an |
| 7 |
> implementation of SSP utilizing frandom as previously discussed on this |
| 8 |
> list. It was a complete success, and I'm pleased to offer it up to |
| 9 |
> everyone interested. |
| 10 |
> |
| 11 |
> Here is the bugzilla link with all the necessary files and instructions: |
| 12 |
> http://bugs.gentoo.org/show_bug.cgi?id=50864 |
| 13 |
> |
| 14 |
> To save everyone a step, here is the main portion of the docs: |
| 15 |
> |
| 16 |
> Firstly, my development server is running 2.6.5-wolk3.0-rc2. It was |
| 17 |
> necessary to rework the frandom kernel patch for this kernel version. The |
| 18 |
> patch is attached and has also been submitted to the frandom author. For |
| 19 |
> 2.4 kernels, the included patch should work fine. |
| 20 |
> |
| 21 |
> The ssp-v6.c is based on Ned's (solar's) ssp5.c. I made only the change of |
| 22 |
> including config.h and sysctl.h. Also, I changed the ifdef's to |
| 23 |
> HAVE_DEV_ERANDOM. Finally, I merged the one small cosmetic change from |
| 24 |
> glibc-2.3.3_pre20040117-signal-ssp.diff (this patch is now obsolete). |
| 25 |
> |
| 26 |
> The attached glibc-2.3.2-propolice-guard-functions-v3.patch is simply the |
| 27 |
> v2 version with the ssp.c portion removed. The ssp.c is copied from files/ |
| 28 |
> in the ebuild now to allow for easy changes. This was requested by Ned. |
| 29 |
> |
| 30 |
> The only major change is the attached glibc-2.3.3-frandom-detect.patch. |
| 31 |
> This patches glibc's configure.in to detect the existance of /dev/erandom |
| 32 |
> and use it for SSP functionality. |
| 33 |
> |
| 34 |
> I'm not positive this is the best method for detection. We don't want |
| 35 |
> ssp.c to have to execute multiple open()'s on each exec, so a compile-time |
| 36 |
> implementation seems necessary. I'm not sure merely checking for the |
| 37 |
> existance of /dev/erandom is the best method to detect. Furthermore, the |
| 38 |
> Linux kernel team seems to feel frandom/erandom should be implemented at |
| 39 |
> the user level. The beauty of erandom is that it seeds itself once (from |
| 40 |
> frandom) and does not use any more kernel entropy for subsequent calls. A |
| 41 |
> user level implementation would require a background process to manage a |
| 42 |
> persistent random pool that seeds itself only when necessary. This seems |
| 43 |
> like it's going too far for a glibc patch. Finally, I am considering |
| 44 |
> removing the sysctl pieces from ssp.c, because they are not needed, and a |
| 45 |
> /dev interface is more portable. This topic needs to stay open for |
| 46 |
> discussion. |
| 47 |
> |
| 48 |
> I have also attached a tar.gz of the portage directory. This is intended |
| 49 |
> to act as an overlay directory. You can untar it in /usr/local/portage or |
| 50 |
> something. I apologize for reworking the glibc ebuild, but it was just too |
| 51 |
> confusing. I went through all the patches and files in the files/ |
| 52 |
> directory and took out only what was needed for this branch update ebuild. |
| 53 |
> I moved all these patches into files/2.3.3 and reworked the ebuild to |
| 54 |
> reflect the proper version. This is a suggestion for clean-up, but mostly |
| 55 |
> it's just so I could test and develop more easily. |
| 56 |
> |
| 57 |
> Please let me know how this works for you. |
| 58 |
> |
| 59 |
> Thanks, |
| 60 |
> Cory Visi |
| 61 |
> |
| 62 |
> -- |
| 63 |
> gentoo-hardened@g.o mailing list |
| 64 |
-- |
| 65 |
Ned Ludd <solar@g.o> |
| 66 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |
Archives