r1144 - in trunk/BOOK: . chapter01 chapter05 chapter06

robert at linuxfromscratch.org robert at linuxfromscratch.org
Fri Jun 8 02:28:08 PDT 2007


Author: robert
Date: 2007-06-08 03:28:08 -0600 (Fri, 08 Jun 2007)
New Revision: 1144

Modified:
   trunk/BOOK/chapter01/changelog.xml
   trunk/BOOK/chapter05/embryo-toolchain.xml
   trunk/BOOK/chapter06/glibc.xml
   trunk/BOOK/patches.ent
Log:
New Glibc arc4_prng patch, adding mkstemps(), and strfry() support

Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml	2007-06-08 07:49:32 UTC (rev 1143)
+++ trunk/BOOK/chapter01/changelog.xml	2007-06-08 09:28:08 UTC (rev 1144)
@@ -52,6 +52,10 @@
       <para>June 8th, 2007</para>
       <itemizedlist>
         <listitem>
+          <para>[robert]: New Glibc arc4_prng patch, adding mkstemps(), and
+          strfry() support.</para>
+        </listitem>
+        <listitem>
           <para>[robert]: Added -fpic back to embryo toolchain.</para>
         </listitem>
       </itemizedlist>
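
Review bot: The added changelog entry says the patch brings "strfry() support", which reads as if strfry() were a new function, while the chapter06/glibc.xml text in this same revision says the patch makes strfry() use arc4random() and that mkstemps() is the function being added. Suggest wording along the lines of "New Glibc arc4_prng patch, adding mkstemps() and using arc4random() in strfry()", which also drops the stray comma before "and".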

Modified: trunk/BOOK/chapter05/embryo-toolchain.xml
===================================================================
--- trunk/BOOK/chapter05/embryo-toolchain.xml	2007-06-08 07:49:32 UTC (rev 1143)
+++ trunk/BOOK/chapter05/embryo-toolchain.xml	2007-06-08 09:28:08 UTC (rev 1144)
@@ -60,12 +60,12 @@
     binutils-&binutils-version; to compile correctly.</para>
 
     <para role="aslr">There is a circular dependency issue when we will build
-    libc's utilities as Position Independent Executables (PIE's). The
+    libc's utilities as Position Independent Executable's (PIE's). The
     start-files from this toolchain are used when building libc, and the second
     toolchain we build in this chapter uses files from libc which were linked
     to files from this toolchain. The smoothest way of dealing with this is to
-    add the <option>-fPIC</option> to this GCC's specs file, and during the
-    bootstrap we will begin to escape from a non-position-independent-code
+    add the <option>-fPIC</option> option to this GCC's specs file, and during
+    the bootstrap we will begin to escape from a non-position-independent-code
     toolchain. The libc in this chapter will also be built with
     <option>-fPIC</option>, and we will have sucessfully built a purely PIC
     toolchain which can in turn build a purely PIC final system. Add
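
Review bot: The first changed line turns the correct plural "Executables" into the possessive "Executable's", which is a regression; keep "Executables", and "(PIEs)" would be the matching plural for the abbreviation. The second change, adding the word "option" after <option>-fPIC</option>, reads fine. Since this paragraph is being touched anyway, "sucessfully" in the unchanged context line near the end of the hunk could be corrected in the same commit.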

Modified: trunk/BOOK/chapter06/glibc.xml
===================================================================
--- trunk/BOOK/chapter06/glibc.xml	2007-06-08 07:49:32 UTC (rev 1143)
+++ trunk/BOOK/chapter06/glibc.xml	2007-06-08 09:28:08 UTC (rev 1144)
@@ -99,17 +99,30 @@
 
 <screen role="pax"><userinput>patch -Np1 -i ../&glibc-pt_pax-patch;</userinput></screen>
 
-    <para>The next patch adds the arc4random() library function to libc.
-    This function is used by many packages as a fail-safe way to get
-    random numbers, and is more dependable than accessing
-    <filename class="devicefile">/dev/urandom</filename> directly.
-    This patch also uses arc4random() in tempname so it is used by the
-    mktemp() family of functions, instead of gettimeofday(), and to
-    res_init, res_mkquery, and bindrsvprt to improve the resolver and
-    port number randomization, instead of using getpid(). Additionally,
-    this patch adds the <option>--with-prng-device</option> configure
-    option to allow us to specify which pseudo-random device to use
-    for arc4random() and SSP. Apply this patch with the following
+    <para>The next patch adds the arc4random(), and mkstemps() library
+    functions to libc. arc4random() is used by many packages as a fail-safe
+    way to get a random string. arc4random() is more dependable than accessing
+    <filename class="devicefile">/dev/urandom</filename> directly because even
+    if <filename class="devicefile">/dev/urandom</filename> fails to open
+    arc4random() will use gettimeofday() and getpid() to replace the 0's in a
+    large uninitialized array. So even if two applications use arc4random() at
+    the same instant, and the <filename class="devicefile">/dev/urandom</filename>
+    device is not accessable (like from inside a chroot), arc4random() will
+    return completely different results to each application. The entropy
+    arc4random() gets is run through the arcfour stream cipher before
+    returning the result. mkstemps() is like mkstemp() except that it accepts
+    a suffix argument. Several packages use mkstemps(), such as GCC and
+    Binutils. mkstemps() is included with this patch so it will use
+    arc4random(), instead of the default gettimeofday(). This patch also uses
+    arc4random() in tempname() so it will be used by the mktemp() family of
+    functions, and in strfry(), res_init, res_mkquery, and bindrsvprt to
+    improve the resolver and port number randomization. Additionally, this
+    patch adds the <parameter>--with-prng-device</parameter> configure
+    parameter to allow us to specify which pseudo-random device to use for
+    arc4random() and SSP. This patch was rejected upstream because the Glibc
+    team believes it is more suitable in it's own library. However if
+    arc4random() were used in it's own library then the mktemp() and resolver
+    functions in Glibc would not use it. Apply this patch with the following
     command:</para>
 
 <screen><userinput>patch -Np1 -i ../&glibc-arc4_prng-patch;</userinput></screen>
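
Review bot: The added rationale, from "arc4random() is more dependable than accessing /dev/urandom directly" through "will return completely different results to each application", presents the gettimeofday() and getpid() fallback as a strength, but both inputs are values an observer can estimate, so output seeded that way differs between processes without being unpredictable. Running it through the arcfour cipher does not add entropy to it. Suggest saying that the fallback only avoids identical output when the device cannot be opened, that it is weaker than a kernel-seeded state, and that the device chosen with --with-prng-device should be made available inside the chroot so that tempname() and the resolver code do not run on the fallback. The phrase "replace the 0's in a large uninitialized array" also contradicts itself, since an uninitialized array has no guaranteed contents, and "a random string" is less accurate than the removed "random numbers". Smaller points: "accessable" should be "accessible", "it's own" should be "its own" in both places, and the comma in "arc4random(), and mkstemps()" should go.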

Modified: trunk/BOOK/patches.ent
===================================================================
--- trunk/BOOK/patches.ent	2007-06-08 07:49:32 UTC (rev 1143)
+++ trunk/BOOK/patches.ent	2007-06-08 09:28:08 UTC (rev 1144)
@@ -78,9 +78,9 @@
 <!ENTITY gcc-Wno_overlength_strings-patch-md5 "903adae06781a5ec285ea8c050025299">
 <!ENTITY gcc-Wno_overlength_strings-patch-size "24 KB">
 
-<!ENTITY glibc-arc4_prng-patch "glibc-&glibc-version;-arc4_prng-1.patch">
-<!ENTITY glibc-arc4_prng-patch-md5 "74b99c386c44e83f2922c540db56b49f">
-<!ENTITY glibc-arc4_prng-patch-size "28 KB">
+<!ENTITY glibc-arc4_prng-patch "glibc-&glibc-version;-arc4_prng-2.patch">
+<!ENTITY glibc-arc4_prng-patch-md5 "fb254631eef89ece5ce95042fbfc151a">
+<!ENTITY glibc-arc4_prng-patch-size "36 KB">
 
 <!ENTITY glibc-asprintf_reset2null-patch "glibc-&glibc-version;-asprintf_reset2null-1.patch">
 <!ENTITY glibc-asprintf_reset2null-patch-md5 "0626990e72a372ef03772bfaca0a0ba7">
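
Review bot: The replaced glibc-arc4_prng-patch-md5 entity is the only integrity value recorded here for the new arc4_prng-2 patch, and MD5 is not collision resistant, so it guards against a corrupted download but not against a deliberately substituted file. Suggest carrying a stronger digest next to it (a SHA-256 entity, for example) wherever the book's download instructions can use one. The rename from -1 to -2 and the size change from 28 KB to 36 KB match the log message, but the changelog entry in this revision does not mention that the patch file name changed, which readers with the old patch already downloaded would want to know.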



