diff -Naur uClibc-20060508.orig/extra/Configs/Config.in uClibc-20060508/extra/Configs/Config.in --- uClibc-20060508.orig/extra/Configs/Config.in 2006-05-08 07:10:33.000000000 +0000 +++ uClibc-20060508/extra/Configs/Config.in 2006-05-08 21:29:49.000000000 +0000 @@ -1303,27 +1303,36 @@ Most people will answer N. +config MKTEMP_USES_ARC4RANDOM + bool "Use arc4randon() in mktemp(3)" + depends on UCLIBC_HAS_ARC4RANDOM + default n + help + Answer Y to use arc4random() as mktemp's entropy source. + + Most people will answer N. + config HAVE_NO_SSP bool default n config UCLIBC_HAS_SSP - bool "Support for propolice smashing stack protector" + bool "Support for propolice stack smashing protector" depends on !HAVE_NO_SSP default n help - Add propolice smashing stack protector to the library. + Add propolice stack smashing protector to the library. This requires GCC 4.1, supporting the -fstack-protector[-all] options. GCC does not have to provide libssp, the needed functions are added to ldso/libc instead. Most people will answer N. config UCLIBC_HAS_SSP_COMPAT - bool "Support for gcc-3.x propolice smashing stack protector" + bool "Support for gcc-3.x propolice stack smashing protector" depends on UCLIBC_HAS_SSP default n help - Add gcc-3.x propolice smashing stack protector to the library. + Add gcc-3.x propolice stack smashing protector to the library. This requires a patched version of GCC, supporting the -fstack-protector[-all] options, with the __guard and __stack_smash_handler functions removed from libgcc. @@ -1339,10 +1348,18 @@ help Use gettimeofday(2) to define the __guard without accessing /dev/urandom. - WARNING: This makes smashing stack protector vulnerable to timing + WARNING: This makes stack smashing protector vulnerable to timing attacks. Most people will answer N. +config SSP_USES_ARC4RANDOM + bool "Make propolice protection use arc4random()" + depends on UCLIBC_HAS_SSP && UCLIBC_HAS_ARC4RANDOM && !SSP_QUICK_CANARY + default n + help + Answer Y to use arc4random as propolice's __guard entropy source. + Most people will answer N. + choice prompt "Propolice protection blocking signal" depends on UCLIBC_HAS_SSP diff -Naur uClibc-20060508.orig/libc/misc/internals/tempname.c uClibc-20060508/libc/misc/internals/tempname.c --- uClibc-20060508.orig/libc/misc/internals/tempname.c 2006-05-08 07:12:13.000000000 +0000 +++ uClibc-20060508/libc/misc/internals/tempname.c 2006-05-08 21:29:49.000000000 +0000 @@ -136,6 +136,7 @@ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; #define NUM_LETTERS (62) +#if !defined(__MKTEMP_USES_ARC4RANDOM__) static unsigned int fillrand(unsigned char *buf, unsigned int len) { int fd; @@ -150,6 +151,7 @@ } return result; } +#endif static void brain_damaged_fillrand(unsigned char *buf, unsigned int len) { @@ -207,10 +209,16 @@ } /* Get some random data. */ + #if defined(__MKTEMP_USES_ARC4RANDOM__) + for (i = 0 ; i < sizeof(randomness) ; i++) { + randomness[i] = (arc4random() % 62); + } + #else if (fillrand(randomness, sizeof(randomness)) != sizeof(randomness)) { /* if random device nodes failed us, lets use the braindamaged ver */ brain_damaged_fillrand(randomness, sizeof(randomness)); } + #endif for (i = 0; i < sizeof(randomness); ++i) XXXXXX[i] = letters[(randomness[i]) % NUM_LETTERS]; diff -Naur uClibc-20060508.orig/libc/sysdeps/linux/common/dl-osinfo.h uClibc-20060508/libc/sysdeps/linux/common/dl-osinfo.h --- uClibc-20060508.orig/libc/sysdeps/linux/common/dl-osinfo.h 2006-05-08 07:11:41.000000000 +0000 +++ uClibc-20060508/libc/sysdeps/linux/common/dl-osinfo.h 2006-05-08 21:35:07.000000000 +0000 @@ -9,6 +9,17 @@ #include +#ifdef __SSP_USES_ARC4RANDOM__ +#include +#ifdef IS_IN_rtld +/* This is a dummy function, so that it resolves in ld.so. */ +uint32_t +arc4random(void) +{ +} +#endif +#endif + #ifdef __UCLIBC_HAS_SSP__ # if defined IS_IN_libc || defined IS_IN_rtld @@ -40,6 +51,12 @@ { uintptr_t ret; # ifndef __SSP_QUICK_CANARY__ +# ifdef __SSP_USES_ARC4RANDOM__ + { + ret = arc4random(); + return ret; + } +# else { int fd = OPEN("/dev/urandom", O_RDONLY, 0); if (fd >= 0) { @@ -49,6 +66,7 @@ return ret; } } +# endif /* __SSP_USES_ARC4RANDOM__ */ # endif /* !__SSP_QUICK_CANARY__ */ /* Start with the "terminator canary". */