[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: getppid misused as entropy source

To: tech_(_at_)_openbsd_(_dot_)_org
Subject: Re: getppid misused as entropy source
From: Fabio Olive Leite <fabio_(_dot_)_olive_(_at_)_gmail_(_dot_)_com>
Date: Tue, 8 Mar 2005 16:50:57 -0300
Mail-followup-to: tech_(_at_)_openbsd_(_dot_)_org

On Tue, Mar 08, 2005 at 03:27:55PM +0100, Bruno Rohee wrote:
> 
> I'm afraid that this patch is wrong, the return value from getppid()
> was constrained in the 2-65535 range and the call to arc4random()
> isn't. And I think it's bad in that context. I'll look at it again tonight.

I admit I do not know the protocol, so I don't know all of the
implications of that change. It's just that the code looked so weird
"I need an auth_port (whatever it is), let's get the ttyslot(). Oh
wait, it was zero? Then get the parent pid.".

BTW, the range of getppid() is 1-32766.

Regards,
Fabio Olive

-- 
I drowned in the universal pool of entropy
Eris has saved me, and she has set me free

Follow-Ups:
- Re: getppid misused as entropy source
  - From: Bruno Rohee

References:
- getppid misused as entropy source
  - From: Fabio Olive Leite
- Re: getppid misused as entropy source
  - From: Bruno Rohee

Prev by Date: Re: Redirect stderr to stdout for {daily,weekly,monthly}.local
Next by Date: Re: getppid misused as entropy source
Previous by thread: Re: getppid misused as entropy source
Next by thread: Re: getppid misused as entropy source
Index(es):
- Date
- Thread

Visit your host, monkey.org