
Note that the usual post-fork catch-all security advice (having the child process exec() to wipe process state, thereby making a state leak really hard) solves the fork safety problem by giving the child a whole new PRNG instance, but actually makes it harder to solve the chroot safety problem.

There are various tricks to get a limited number of bytes from /dev/urandom into the chroot jail (such as by writing them to a regular file and secure-erasing that file when finished) to get around that.



How about passing the /dev/urandom file descriptor to the new process? That seems like the most robust solution to me.


That assumes that the first process after the chroot knows how to receive and pass on that file descriptor to the process that will eventually use libressl, which is not a given.


That does work well.
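The descriptor hand-off proposed above, as an added example that is not part of this thread (plain C on Linux/POSIX, nothing from LibreSSL): the parent opens /dev/urandom before changing root, a forked child enters an empty temporary directory as its root (so /dev/urandom is no longer reachable by path), and the child still draws randomness through the inherited descriptor. The jail directory, the pipe used to return the bytes, and the "carry on without chroot if not privileged" fallback are assumptions of this example, not anything the commenters described.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open /dev/urandom before chroot. The descriptor, not the path, is what the
 * jailed process will use. O_CLOEXEC is deliberately NOT set: a close-on-exec
 * descriptor would be dropped by the very exec() that gives the child a fresh
 * PRNG, so it has to survive exec and its number must be told to the new image. */
static int open_urandom_for_handoff(void) {
    return open("/dev/urandom", O_RDONLY);
}

/* Read exactly n bytes from fd, tolerating short reads and EINTR. 0 on success. */
static int read_exact(int fd, unsigned char *buf, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return 0;
}

/* Fork a child that makes the (empty) directory `jail` its root, then draws n
 * random bytes through the inherited descriptor and returns them over a pipe.
 * Returns 0 if the parent received n bytes. *chrooted is 1 if the child really
 * changed root, 0 if chroot() failed with EPERM (unprivileged run; assumption:
 * the child then demonstrates the read path without a jail). */
static int random_bytes_from_jailed_child(int urandom_fd, const char *jail,
                                          unsigned char *out, size_t n, int *chrooted) {
    int pipefd[2];
    if (pipe(pipefd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(pipefd[0]);
        int did_chroot = 1;
        if (chroot(jail) != 0) {
            if (errno != EPERM) _exit(1);
            did_chroot = 0;
        }
        if (did_chroot && chdir("/") != 0) _exit(1);
        /* Inside the jail the path is gone: opening /dev/urandom must fail ... */
        if (did_chroot && open("/dev/urandom", O_RDONLY) >= 0) _exit(1);
        /* ... but the descriptor opened before chroot keeps working. */
        unsigned char *buf = malloc(n);
        if (!buf || read_exact(urandom_fd, buf, n) != 0) _exit(1);
        if (write(pipefd[1], buf, n) != (ssize_t)n) _exit(1);
        _exit(did_chroot ? 0 : 3);
    }
    close(pipefd[1]);
    int rc = read_exact(pipefd[0], out, n);
    close(pipefd[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    int code = WEXITSTATUS(status);
    if (code != 0 && code != 3) return -1;
    *chrooted = (code == 0);
    return rc;
}

/* Driver: create an empty jail directory, perform the hand-off, clean up.
 * Returns 0 on success; *chrooted reports whether the jail was really entered. */
int demo_urandom_fd_handoff(int *chrooted) {
    char jail[] = "/tmp/urandom-jail-XXXXXX";      /* constructed temp path */
    if (mkdtemp(jail) == NULL) {
        strcpy(jail, "./urandom-jail-XXXXXX");       /* fallback if /tmp is unusable */
        if (mkdtemp(jail) == NULL) return -1;
    }
    int fd = open_urandom_for_handoff();
    if (fd < 0) { rmdir(jail); return -1; }
    unsigned char buf[32];
    int rc = random_bytes_from_jailed_child(fd, jail, buf, sizeof buf, chrooted);
    close(fd);
    rmdir(jail);
    if (rc != 0) return -1;
    /* 32 all-zero bytes from urandom is a practically impossible outcome; treat as failure. */
    int nonzero = 0;
    for (size_t i = 0; i < sizeof buf; i++) nonzero |= buf[i];
    return nonzero ? 0 : -1;
}

int main(void) {
    int chrooted = -1;
    int rc = demo_urandom_fd_handoff(&chrooted);
    printf("handoff %s (chroot %s)\n", rc == 0 ? "ok" : "failed",
           chrooted == 1 ? "applied" : "skipped: not privileged");
    return rc == 0 ? 0 : 1;
}
```

Run as root the child actually changes root and proves the path is unreachable while the descriptor still reads; run unprivileged it only shows the inheritance. The same descriptor survives exec() as long as FD_CLOEXEC is not set on it, which is why the comment above notes that every intermediate process in the chain has to know the descriptor exists and forward it deliberately.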



