Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Wed, 23 May 2001 18:58:07 +0300
From: Jarno Huuskonen <Jarno.Huuskonen@....fi>
To: owl-users@...ts.openwall.com
Subject: glibc resolver dns query ids

I noticed that you have added a patch for glibc-2.1.3 to use more random
DNS query ids (the same patch you have for bind-4.9.x?).

Have you done any tests to see if the patch adds any performance
penalties etc.? (My rough guess would be that any penalties will be very
minimal).

(Also, have you tested bind-8.2.3 with 'use-id-pool yes;' to see if it
uses decent query ids and how it compares to your res_randomid patch?)

Have you done (or considered) a similar patch for glibc __gen_tempname?
Here's part of the __gen_tempname code (looks similar to the res_randomid):

    value += ((uint64_t) tv.tv_usec << 16) ^ tv.tv_sec ^ __getpid ();

(I guess it couldn't hurt if __gen_tempname would accept more than six X's).

This probably isn't very interesting but might help some (closed source)
programs (if you have to use them) that use mktemp/tempnam with or
without O_EXCL.

Have you considered using something like prngd as a random source?
OpenSSH seems to recommend prngd.

-Jarno

-- 
Jarno Huuskonen - System Administrator   |  Jarno.Huuskonen@....fi
University of Kuopio - Computer Center   |  Work:   +358 17 162822
PO BOX 1627, 70211 Kuopio, Finland       |  Mobile: +358 40 5388169
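
Added example, not part of the original message and not glibc or Owl code: a temporary-file helper that takes its suffix from a kernel random source instead of the time/pid mix quoted above, accepts more than six X's, and creates the file with O_EXCL so a pre-existing name or symlink is refused rather than followed. The names safe_tempfile and fill_random_suffix are hypothetical, and the code assumes /dev/urandom is available.

```c
/* Added example (not glibc code): random suffix + exclusive create. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

static const char letters[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* Replace all trailing X's of tmpl (six or more) with characters drawn
   from /dev/urandom. Returns 0 on success, -1 with errno set on error. */
static int fill_random_suffix(char *tmpl)
{
    size_t len = strlen(tmpl), n = 0;
    while (n < len && tmpl[len - 1 - n] == 'X')
        n++;
    if (n < 6) { errno = EINVAL; return -1; }
    int rfd = open("/dev/urandom", O_RDONLY);
    if (rfd < 0)
        return -1;
    for (size_t i = len - n; i < len; ) {
        unsigned char b;
        if (read(rfd, &b, 1) != 1) { close(rfd); return -1; }
        if (b >= 248)          /* 248 = 4 * 62: reject to avoid modulo bias */
            continue;
        tmpl[i++] = letters[b % 62];
    }
    close(rfd);
    return 0;
}

/* Hypothetical helper: returns an open fd; tmpl then holds the name used. */
int safe_tempfile(char *tmpl)
{
    char orig[4096];
    if (strlen(tmpl) >= sizeof orig) { errno = ENAMETOOLONG; return -1; }
    strcpy(orig, tmpl);
    for (int tries = 0; tries < 100; tries++) {
        strcpy(tmpl, orig);             /* restore the X's before each attempt */
        if (fill_random_suffix(tmpl) < 0)
            return -1;
        /* O_CREAT|O_EXCL fails with EEXIST if the name exists, symlinks included */
        int fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST)
            return fd;
    }
    errno = EEXIST;
    return -1;
}
```

The exclusive create is what keeps the operation safe even if a name is guessed; the random suffix only makes collisions and retries unlikely.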
