Page MenuHomeFreeBSD
Differential D45683

include: ssp: fortify <sys/random.h>
ClosedPublic
Actions

Authored by kevans on Jun 21 2024, 5:00 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Dec 25, 7:27 AM
Unknown Object (File)
Tue, Dec 24, 12:17 PM
Unknown Object (File)
Mon, Dec 23, 8:57 PM
Unknown Object (File)
Dec 6 2024, 12:25 AM
Unknown Object (File)
Dec 1 2024, 9:50 PM
Unknown Object (File)
Dec 1 2024, 9:50 PM
Unknown Object (File)
Dec 1 2024, 9:30 PM
Unknown Object (File)
Nov 22 2024, 5:01 PM
View All 46 Files
Subscribers
imp

Details

Reviewers
kib
markj
Group Reviewers
Klara
Commits
rG062d9380b986: include: ssp: fortify <sys/random.h>
Summary

That is to say, fortify getrandom(2).

Sponsored by: Stormshield
Sponsored by: Klara, Inc.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kevans created this revision.Jun 21 2024, 5:00 PM
Herald added a subscriber: imp. · View Herald TranscriptJun 21 2024, 5:00 PM
kevans requested review of this revision.Jun 21 2024, 5:00 PM
Harbormaster completed remote builds in B58292: Diff 140084.Jun 21 2024, 5:00 PM
kevans added a parent revision: D45682: include: ssp: fortify <wchar.h>.Jun 21 2024, 5:00 PM
kevans added a child revision: D45684: include: ssp: fortify <sys/uio.h>.
markj accepted this revision as: markj.Jul 2 2024, 2:25 PM

Does it make sense in general to fortify non-standard interfaces like arc4random_buf()?

This revision is now accepted and ready to land.Jul 2 2024, 2:25 PM
kevans added a comment.Jul 2 2024, 4:10 PM
In D45683#1045059, @markj wrote:

Does it make sense in general to fortify non-standard interfaces like arc4random_buf()?

I'm curious to hear your thoughts here, because I hadn't considered there may be a reason not to -- their uses are still susceptible to the same kind of easy-to-catch bugs you might make with many of the standardized interfaces, so if they don't add much complexity I assumed it was worth it even if they're not often-used.

markj added a comment.Jul 2 2024, 4:15 PM
In D45683#1045076, @kevans wrote:
In D45683#1045059, @markj wrote:

Does it make sense in general to fortify non-standard interfaces like arc4random_buf()?

I'm curious to hear your thoughts here, because I hadn't considered there may be a reason not to -- their uses are still susceptible to the same kind of easy-to-catch bugs you might make with many of the standardized interfaces, so if they don't add much complexity I assumed it was worth it even if they're not often-used.

Am I right that this patch series doesn't fortify arc4random_buf(), or did I just miss it? I'd assume it's worth it as well, I don't see a downside.

kevans added a comment.Jul 2 2024, 4:20 PM
In D45683#1045082, @markj wrote:
In D45683#1045076, @kevans wrote:
In D45683#1045059, @markj wrote:

Does it make sense in general to fortify non-standard interfaces like arc4random_buf()?

I'm curious to hear your thoughts here, because I hadn't considered there may be a reason not to -- their uses are still susceptible to the same kind of easy-to-catch bugs you might make with many of the standardized interfaces, so if they don't add much complexity I assumed it was worth it even if they're not often-used.

Am I right that this patch series doesn't fortify arc4random_buf(), or did I just miss it? I'd assume it's worth it as well, I don't see a downside.

Oh, sorry, it's over in https://reviews.freebsd.org/D45681

markj added a comment.Jul 2 2024, 4:32 PM
In D45683#1045084, @kevans wrote:
In D45683#1045082, @markj wrote:
In D45683#1045076, @kevans wrote:
In D45683#1045059, @markj wrote:

Does it make sense in general to fortify non-standard interfaces like arc4random_buf()?

I'm curious to hear your thoughts here, because I hadn't considered there may be a reason not to -- their uses are still susceptible to the same kind of easy-to-catch bugs you might make with many of the standardized interfaces, so if they don't add much complexity I assumed it was worth it even if they're not often-used.

Am I right that this patch series doesn't fortify arc4random_buf(), or did I just miss it? I'd assume it's worth it as well, I don't see a downside.

Oh, sorry, it's over in https://reviews.freebsd.org/D45681

I did miss it, my bad. I had just forgotten about that patch.

Closed by commit rG062d9380b986: include: ssp: fortify <sys/random.h> (authored by kevans). · Explain WhyJul 13 2024, 5:23 AM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rG062d9380b986: include: ssp: fortify <sys/random.h>.

Revision Contents
Changeset List

Diff 140854

View Options

include/ssp/Makefile

Loading...
View Options

include/ssp/random.h

Loading...
View Options

lib/libc/tests/secure/Makefile

Loading...
View Options

lib/libc/tests/secure/fortify_poll_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_random_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_stdio_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_stdlib_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_string_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_strings_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_unistd_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_wchar_test.c

Loading...
View Options

lib/libc/tests/secure/generate-fortify-tests.lua

Loading...
View Options

sys/sys/random.h

Loading...