[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Using arc4random() for luai_makeseed()?
- From: Daurnimator <quae@...>
- Date: Sat, 26 Dec 2015 02:02:53 +1100
On 25 December 2015 at 23:48, Vitaly Magerya <vmagerya@gmail.com> wrote:
> Hi, folks. Some time ago Lua (5.2+) hash tables started using a
> semi-random hash seed; this was a measure introduced to mitigate
> DoS attacks based on hash collisions. Currently both Lua 5.3.2
> and 5.2.4 compute this seed from a 'time(NULL)' call combined
> with addresses of various functions and variables (in hope that
> ASLR will randomize those).
>
> The problem for me is that FreeBSD has no ASLR at the moment,
> and the hash seed only changes as often as 'time(NULL)': once
> per second. This makes it hard, for example, to run microbenchmarks:
> performance of some code pieces jumps once per second, so to
> average that out I'm forced to wait minutes.
>
> Basically what I would like to see is a better randomness source
> than 'time(NULL)'. Now, there where discussions [1] about using
> 'arc4random()' for this task (if the system supports that), and
> it seems that source code is structured to allow for this, i.e.
> see 'src/lstate.c':
>
> /*
> ** a macro to help the creation of a unique random seed when a state is
> ** created; the seed is used to randomize hashes.
> */
> #if !defined(luai_makeseed)
> #include <time.h>
> #define luai_makeseed() cast(unsigned int, time(NULL))
> #endif
>
> So, the first question I have is: do you folks plan to use a
> kernel-provided randomness source like 'arc4random()' (under
> *BSD) or 'getrandom()' (under Linux)?
>
> The second question is: would you approve if FreeBSD package of
> Lua was to patch 'luai_makeseed' into 'arc4random()'? I'm asking
> this because I've been using such a patch locally for a while,
> but FreeBSD Lua maintainers would like your approval before
> adding it to the ports collection.
>
> [1] http://lua-users.org/lists/lua-l/2012-01/msg00658.html
>
It would seem reasonable to me for the lua 'freebsd' Makefile target
to pass something like this in SYSCFLAGS:
-D'luai_makeseed()=cast(unsigned int, arc4random())'
