author | Brent Cook <bcook@cvs.openbsd.org> | 2016-01-04 02:04:57 +0000 |
---|---|---|
committer | Brent Cook <bcook@cvs.openbsd.org> | 2016-01-04 02:04:57 +0000 |
commit | 51ba3d277d2aaf6c936db2ad0155291df06e0d4e (patch) | |
tree | 06bc0be4c0dc0eb3536d3057f10317f8fce148e1 /lib/libssl/t1_srvr.c | |
parent | d83b5378ef7949036592dff377f4c457e302354e (diff) |
Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1.
Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then forking to match another pid,
provides other ways to bypass new process detection on Linux.
Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
does not invent a corresponding mechanism to subvert it.
Noted by Sebastian Krahmer and the opmsg team.
See http://stealth.openwall.net/crypto/randup.c for a test program.
ok beck@
Diffstat (limited to 'lib/libssl/t1_srvr.c')
0 files changed, 0 insertions, 0 deletions
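
The pid-based fork check that the commit message describes, with its pid=1 special case, written out as an added example. This is not the LibreSSL code; `rng_state`, `rng_needs_reseed` and `rng_check` are hypothetical names, and the reseed itself is assumed to be done by the caller.

```c
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical PRNG bookkeeping; names are illustrative, not LibreSSL's. */
struct rng_state {
	pid_t seeded_pid;	/* pid recorded at the last reseed, 0 = never */
	unsigned long reseeds;	/* number of reseeds requested so far */
};

/*
 * Decide whether the state may have been inherited from another process.
 * A pid comparison alone misses a child created with CLONE_NEWPID when the
 * parent is itself pid 1: the child is pid 1 in its new namespace too.
 * So pid 1 is never trusted to mean "still the same process".
 * As the commit message notes, other clone(2) sequences can still evade
 * a pid check; this only covers the pid=1 case.
 */
static int
rng_needs_reseed(const struct rng_state *st, pid_t now)
{
	if (st->seeded_pid == 0)	/* never seeded */
		return 1;
	if (st->seeded_pid != now)	/* ordinary fork(2): pid changed */
		return 1;
	if (now == 1)			/* pid-namespace init: always reseed */
		return 1;
	return 0;
}

/* Call before producing output; returns 1 when the caller must reseed. */
static int
rng_check(struct rng_state *st, pid_t now)
{
	if (!rng_needs_reseed(st, now))
		return 0;
	st->seeded_pid = now;
	st->reseeds++;
	return 1;
}

int
main(void)
{
	struct rng_state st = { 0, 0 };

	rng_check(&st, getpid());	/* first use: always seeds */
	/* Exit 0 unless a second call in the same non-init process reseeds. */
	return rng_check(&st, getpid()) && getpid() != 1;
}
```

The cost of the workaround is visible here: a process running as pid 1 reseeds on every call.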