mmap - add mmap offset randomisation
Robin Carey
robin.carey1 at googlemail.com
Thu Nov 25 08:10:13 PST 2010
Dear DragonFlyBSD bugs,
Alex Hornung recently (today ?) added mmap randomisation (security feature), but in his commit he uses:
karc4random()
When he should really be using the superior kernel random number generator presented to userland via
/dev/random
and
/dev/urandom
There are other portions of Kernel code which needs to do the same, e.g. I think OpenBSDs PF Packet
Filter uses karc4random() ....-- Sincerely,Robin Carey
More information about the Bugs
mailing list