Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

Russ Allbery wrote:

>Steven Chamberlain <steven@pyro.eu.org> writes:

>> * first-forked process does not use the PRNG yet, but forks again

Actually, it does: it calls RAND_poll(), which libressl made
into a nop.

>control.  There has been some talk of implementing PID randomization
>precisely to make this attack harder.

I've been testing this program (with the call to RAND_poll() commented
out) on my local machine: Debian/i386 (with amd64 kernel), and a
MirBSD/i386 virtual machine on the same system. MirBSD uses PID
randomisation, of course.

Both show the effect, but the BSD VM (with PID randomisation) always
returns faster. Must be some kind of birthday paradox or something
happening. The time for Linux to return to the same PID is consistent
since it has to cycle through all PIDs; the BSD system on average
hits the same PID again faster, and the chance to not hit the same
PID at all is very marginal.
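
Added example (not part of the original message, and not the test program it refers to): a model of the comparison described above, counting how many forks a fork-then-exit chain needs before it is handed its starting PID again, under a sequential and under a uniformly random PID allocator. The PID space size, the starting PID, both allocator models and the absence of other processes are assumptions; no real fork() is called.

```c
#include <stdint.h>
#include <stdio.h>

#define PID_SPACE 32768u  /* assumed number of usable PIDs (1..PID_SPACE) */
#define START_PID 1000u   /* constructed starting PID */

/* splitmix64 with a fixed seed, so every run gives the same numbers */
static uint64_t rng_state = 0x9E3779B97F4A7C15ull;
static uint64_t rng_next(void) {
    uint64_t z = (rng_state += 0x9E3779B97F4A7C15ull);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ull;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBull;
    return z ^ (z >> 31);
}

/* Sequential model: each child gets last PID + 1, wrapping at PID_SPACE. */
unsigned forks_until_reuse_sequential(unsigned start_pid) {
    unsigned pid = start_pid, forks = 0;
    do {
        pid = pid % PID_SPACE + 1;
        forks++;
    } while (pid != start_pid);
    return forks;
}

/* Random model: each child gets a uniform PID, never the (still live) parent's. */
unsigned forks_until_reuse_random(unsigned start_pid) {
    unsigned parent = start_pid, forks = 0;
    for (;;) {
        unsigned child;
        do {
            child = (unsigned)(rng_next() % PID_SPACE) + 1;
        } while (child == parent);
        forks++;
        if (child == start_pid) return forks;
        parent = child;  /* old parent exits, child forks next */
    }
}

/* Share of trials where the random model needs fewer forks than the sequential cycle. */
double fraction_random_faster(unsigned trials) {
    unsigned seq = forks_until_reuse_sequential(START_PID), faster = 0;
    for (unsigned i = 0; i < trials; i++)
        if (forks_until_reuse_random(START_PID) < seq) faster++;
    return (double)faster / trials;
}

int main(void) {
    printf("sequential: %u forks\n", forks_until_reuse_sequential(START_PID));
    printf("random faster in %.1f%% of trials\n", 100.0 * fraction_random_faster(1000));
    return 0;
}
```

In this model the sequential count is always exactly PID_SPACE, while the random count is geometrically distributed, so it comes in under the sequential count in roughly 1 - 1/e (about 63%) of trials. The chance of still not having hit the starting PID after k times PID_SPACE forks is about e^-k.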


