Board: FB_security
Subject: Re: Speed and security of /dev/urandom
Posted from: NCTU CS FreeBSD Server (Sat Jul 19 08:49:27 2014)
Relay path: ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
On 19.07.2014 0:06, Steven Chamberlain wrote:
> It's been pointed out to me that OpenBSD solved that particular issue
> with MAP_INHERIT_ZERO: the state of the arc4random PRNG is zeroed out
> on forking, and it knows to reseed then.
>
> FreeBSD since r227520 (2011-11-15), calls getpid() on every
> arc4random_buf call, to see if the pid has changed since it seeded, and
> thus reseed. It was shown recently (in the context of LibreSSL
> Portable) that this may not work in a contrived corner-case, so there
> they added an atfork handler, but again might not always be called.
I always say that calling getpid on every arc4random call is ugly and
should be replaced by something. pthread_atfork belongs to another
library and MAP_INHERIT_ZERO is not currently implemented.
--
http://ache.vniz.net/
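The per-call getpid() check described in the quoted text, shown next to a generator with no fork detection. This is an added example, not part of the original message and not FreeBSD's libc code. All names are hypothetical and splitmix64 is a toy stand-in for the real cipher. It covers the ordinary fork case only, not the corner case or the atfork handler mentioned above.

```c
#include <fcntl.h>
#include <stdint.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy state (hypothetical names): splitmix64 replaces the cipher; NOT a CSPRNG. */
static uint64_t rng_s;
static pid_t    rng_pid;        /* pid at the last (re)seed; 0 = never seeded */
static int      rng_detect = 1; /* 0 disables fork detection, for contrast */

static void rng_reseed(void)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0 || read(fd, &rng_s, sizeof rng_s) != (ssize_t)sizeof rng_s)
        _exit(111);             /* fail closed: never run unseeded */
    close(fd);
    rng_pid = getpid();
}

uint64_t rng_next(void)
{
    /* The per-call check from the thread: has the pid changed since seeding? */
    if (rng_pid == 0 || (rng_detect && getpid() != rng_pid))
        rng_reseed();
    uint64_t z = (rng_s += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* Fork once; 1 if parent and child drew the same value, 0 if not, -1 on error. */
int fork_duplicates_output(int detect)
{
    int p[2], ok;
    uint64_t child = 0, parent;
    pid_t c;
    rng_detect = detect;
    (void)rng_next();           /* make sure the state is seeded before forking */
    if (pipe(p) != 0 || (c = fork()) < 0) return -1;
    if (c == 0) {               /* child starts with a copy of rng_s */
        child = rng_next();
        _exit(write(p[1], &child, sizeof child) == (ssize_t)sizeof child ? 0 : 1);
    }
    parent = rng_next();
    close(p[1]);
    ok = read(p[0], &child, sizeof child) == (ssize_t)sizeof child;
    close(p[0]);
    waitpid(c, NULL, 0);
    return ok ? parent == child : -1;
}
```

With detection off, the child inherits the parent's state and both produce the same output; with the pid check on, the child reseeds from /dev/urandom before its first draw.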