attacks.
Most people will answer N.
-config SSP_USE_ERANDOM
- bool "Use erandom for setting guard value if /dev/urandom fails"
- depends on UCLIBC_HAS_SSP && !SSP_QUICK_CANARY
- default n
- help
- Use /dev/erandom to define the guard if /dev/urandom fails (chroot).
- This requires a modified kernel.
- More information at:
- <http://frandom.sourceforge.net/>
- Most people will answer N.
-
choice
prompt "Propolice protection blocking signal"
depends on UCLIBC_HAS_SSP
#include <signal.h>
#include <linux/unistd.h>
-#ifdef __SSP_USE_ERANDOM__
-# include <sys/sysctl.h>
-#if 1
-# define SYSCTL __sysctl
-#else
-#define __NR__kernel_sysctl __NR_sysctl
-static __always_inline _syscall6(int,__kernel_sysctl,int *,name,int,nlen,void *,oldval,size_t *,oldlenp,void *,newval,size_t,newlen);
-#define SYSCTL(name,nlen,oldval,oldlenp,newval,newlen) __kernel_sysctl(name,nlen,oldval,oldlenp,newval,newlen)
-#endif
-#endif
-
#ifndef __SSP_QUICK_CANARY__
#define __NR___kernel_open __NR_open
static __always_inline _syscall2(int,__kernel_open,const char *,path,int,flags);
{
uintptr_t ret;
#ifndef __SSP_QUICK_CANARY__
-
- size_t size;
-
-# ifdef __SSP_USE_ERANDOM__
- {
- int mib[3];
- /* Random is another depth in Linux, hence an array of 3. */
- mib[0] = CTL_KERN;
- mib[1] = KERN_RANDOM;
- mib[2] = RANDOM_ERANDOM;
-
- if (SYSCTL(mib, 3, &ret, &size, NULL, 0) != (-1))
- if (size == (size_t) sizeof(ret))
- return ret;
- }
-# endif /* ifdef __SSP_USE_ERANDOM__ */
{
- int fd;
-
-# ifdef __SSP_USE_ERANDOM__
- /*
- * Attempt to open kernel pseudo random device if one exists before
- * opening urandom to avoid system entropy depletion.
- */
- if ((fd = OPEN("/dev/erandom", O_RDONLY)) == (-1))
-# endif
- fd = OPEN("/dev/urandom", O_RDONLY);
+ int fd = OPEN("/dev/urandom", O_RDONLY);
if (fd >= 0) {
- size = READ(fd, &ret, sizeof(ret));
+ size_t size = READ(fd, &ret, sizeof(ret));
CLOSE(fd);
if (size == (size_t) sizeof(ret))
return ret;
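Review bot: The new `size_t size = READ(fd, &ret, sizeof(ret));` stores the read result in an unsigned type, so a failed read is rejected only because the wrapped negative value happens not to equal `sizeof(ret)`. This assumes READ wraps the read syscall and can return a negative value; its definition is outside this hunk. I would make the check explicit with `ssize_t size = READ(fd, &ret, sizeof(ret));` and `if (size == (ssize_t) sizeof(ret))`. With the erandom paths removed, /dev/urandom is the only random source visible here, so a missing device node (the chroot case the removed help text mentions) or a short or interrupted read drops to whatever follows the hunk. A comment such as `/* /dev/urandom missing or short read: guard value comes from the fallback below */` would record that, and the function body starts and ends outside the hunk, so the fallback itself should be checked there.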