diff options
| author | lloyd <[email protected]> | 2013-11-10 16:26:26 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2013-11-10 16:26:26 +0000 |
| commit | 1f93e819b251483fa2e4e53494fedf34c5f451b2 (patch) | |
| tree | 70091cef2fb7b32eed2fcc3afa07ec558259456e | |
| parent | 8758cc592f01050f13618c24491acc86f36fc874 (diff) | |
Split off Unix_EntropySource's fast_poll to a new source
| -rw-r--r-- | src/entropy/unix_procs/unix_procs.cpp | 25 | ||||
| -rw-r--r-- | src/entropy/unix_procs/unix_procs.h | 10 | ||||
| -rw-r--r-- | src/libstate/global_rng.cpp | 4 |
3 files changed, 14 insertions, 25 deletions
diff --git a/src/entropy/unix_procs/unix_procs.cpp b/src/entropy/unix_procs/unix_procs.cpp index 8d7bf4e48..8a409ad9d 100644 --- a/src/entropy/unix_procs/unix_procs.cpp +++ b/src/entropy/unix_procs/unix_procs.cpp @@ -63,32 +63,13 @@ Unix_EntropySource::Unix_EntropySource(const std::vector<std::string>& trusted_p { } -void Unix_EntropySource::fast_poll(Entropy_Accumulator& accum) +void UnixProcessInfo_EntropySource::poll(Entropy_Accumulator& accum) { - const char* stat_targets[] = { - "/", - "/tmp", - "/var/tmp", - "/usr", - "/home", - "/etc/passwd", - ".", - "..", - nullptr - }; - - for(size_t i = 0; stat_targets[i]; i++) - { - struct stat statbuf; - clear_mem(&statbuf, 1); - ::stat(stat_targets[i], &statbuf); - accum.add(&statbuf, sizeof(statbuf), 0.0); - } - accum.add(::getpid(), 0.0); accum.add(::getppid(), 0.0); accum.add(::getuid(), 0.0); accum.add(::getgid(), 0.0); + accum.add(::getsid(0), 0.0); accum.add(::getpgrp(), 0.0); struct ::rusage usage; @@ -196,8 +177,6 @@ const std::vector<std::string>& Unix_EntropySource::next_source() void Unix_EntropySource::poll(Entropy_Accumulator& accum) { - //fast_poll(accum); - // refuse to run as root (maybe instead setuid to nobody before exec?) // fixme: this should also check for setgid if(::getuid() == 0 || ::geteuid() == 0) diff --git a/src/entropy/unix_procs/unix_procs.h b/src/entropy/unix_procs/unix_procs.h index fa92fbe20..7c1ae8c65 100644 --- a/src/entropy/unix_procs/unix_procs.h +++ b/src/entropy/unix_procs/unix_procs.h @@ -27,8 +27,6 @@ class Unix_EntropySource : public EntropySource void poll(Entropy_Accumulator& accum) override; - void fast_poll(Entropy_Accumulator& accum); - /** * @param trusted_paths is a list of directories that are assumed * to contain only 'safe' binaries. If an attacker can write @@ -78,6 +76,14 @@ class Unix_EntropySource : public EntropySource std::vector<Unix_Process> m_procs; }; +class UnixProcessInfo_EntropySource : public EntropySource + { + public: + std::string name() const { return "Unix Process Info"; } + + void poll(Entropy_Accumulator& accum); + }; + } #endif diff --git a/src/libstate/global_rng.cpp b/src/libstate/global_rng.cpp index 631d81bce..db857b41d 100644 --- a/src/libstate/global_rng.cpp +++ b/src/libstate/global_rng.cpp @@ -57,6 +57,10 @@ std::vector<std::unique_ptr<EntropySource>> Library_State::entropy_sources() sources.push_back(std::unique_ptr<EntropySource>(new Intel_Rdrand)); #endif +#if defined(BOTAN_HAS_ENTROPY_SRC_UNIX_PROCESS_RUNNER) + sources.push_back(std::unique_ptr<EntropySource>(new UnixProcessInfo_EntropySource)); +#endif + #if defined(BOTAN_HAS_ENTROPY_SRC_DEV_RANDOM) sources.push_back(std::unique_ptr<EntropySource>(new Device_EntropySource( { "/dev/random", "/dev/srandom", "/dev/urandom" } |