Re: ntdll: Randomize security cookie when available (try 4)
André Hentschel <nerv(a)dawncrow.de> writes:
@@ -1278,6 +1281,26 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz } }
+ + /* randomize security cookie */ + + if (IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG < nt->OptionalHeader.NumberOfRvaAndSizes && + (pos = nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress)) + { + IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg = (IMAGE_LOAD_CONFIG_DIRECTORY *)(ptr + pos); + ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie; + struct timeval tv; + + gettimeofday( &tv, NULL ); + srand( tv.tv_usec * getpid() ); + *cookie = rand();
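Review bot: Seeding with `srand( tv.tv_usec * getpid() )` on every image load and then taking `*cookie = rand()` gives a low-entropy, predictable cookie, and `rand()` returns an `int`, so on 64-bit the upper bits of the `ULONG_PTR` cookie are left zero; a stack-protector cookie should be filled across its full width from a proper random source, generated once per process rather than reseeded per call. Also, `loadcfg->SecurityCookie` holds an absolute virtual address, not an RVA, so `(ULONG_PTR *)loadcfg->SecurityCookie` is only correct when the image is mapped at its preferred base; rebase it against `ptr`, reject a zero value, and check the load-config directory `Size` covers the field before reading it. The two stray `+` blank lines at the top of the hunk could also go.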
That's not much better. It doesn't make sense to reset the seed on every call.
--
Alexandre Julliard
julliard(a)winehq.org
On 29.06.2015 at 14:16, Alexandre Julliard wrote:
André Hentschel <nerv(a)dawncrow.de> writes:
@@ -1278,6 +1281,26 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz } }
+ + /* randomize security cookie */ + + if (IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG < nt->OptionalHeader.NumberOfRvaAndSizes && + (pos = nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress)) + { + IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg = (IMAGE_LOAD_CONFIG_DIRECTORY *)(ptr + pos); + ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie; + struct timeval tv; + + gettimeofday( &tv, NULL ); + srand( tv.tv_usec * getpid() ); + *cookie = rand();
That's not much better. It doesn't make sense to reset the seed on every call.
Where would you see the best point for srand()? __wine_process_init()? Should I do it with a "once" variable? Or would you prefer something like in SystemFunction036 using /dev/urandom (suggested by Bruno)?
André Hentschel <nerv(a)dawncrow.de> writes:
Where would you see the best point for srand()? __wine_process_init()? Should I do it with a "once" variable? Or would you prefer something like in SystemFunction036 using /dev/urandom (suggested by Bruno)?
Using srand() is not a good idea since it's process-global. Something like RtlRandom is probably better.
--
Alexandre Julliard
julliard(a)winehq.org
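As an added illustration of the alternative discussed in this thread (a once-only initialisation from /dev/urandom at process start rather than reseeding rand() per image), here is an example in C. It is not Wine code and not the submitted patch; the function names, the fallback mixing, the 48-bit masking comment and the sample image buffer used in its test are this example's own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/time.h>

/* Read exactly len bytes from /dev/urandom; 0 on success, -1 on any failure. */
static int read_urandom(void *buf, size_t len)
{
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (got < len)
    {
        ssize_t n = read(fd, (char *)buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        got += (size_t)n;
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Generate the process-wide cookie once and return the cached value afterwards.
 * Meant for single-threaded process start-up (the __wine_process_init point
 * asked about in the thread), so a plain flag is enough; no per-call reseeding. */
uintptr_t process_security_cookie(void)
{
    static uintptr_t cookie;
    static int initialized;
    if (!initialized)
    {
        if (read_urandom(&cookie, sizeof cookie) != 0)
        {
            /* Weak fallback, used only when the kernel source is unavailable (assumed mix). */
            struct timeval tv;
            uint64_t mix;
            gettimeofday(&tv, NULL);
            mix = ((uint64_t)tv.tv_sec << 32) ^ ((uint64_t)tv.tv_usec << 12) ^ (uint64_t)getpid();
            mix ^= (uint64_t)(uintptr_t)&cookie;   /* stack/data ASLR adds a little */
            cookie = (uintptr_t)mix;
        }
#if UINTPTR_MAX > 0xffffffffu
        /* The Microsoft CRT keeps the top 16 bits of the 64-bit cookie clear; follow that. */
        cookie &= (uintptr_t)0x0000ffffffffffffULL;
#endif
        if (cookie == 0) cookie = 1;   /* zero is the "uninitialised" sentinel; never use it */
        initialized = 1;
    }
    return cookie;
}

/* SecurityCookie in IMAGE_LOAD_CONFIG_DIRECTORY is a virtual address based on the
 * preferred ImageBase, not an RVA. Translate it to where the image was really mapped,
 * returning NULL when it is empty, misaligned, or outside the mapped range. */
uintptr_t *cookie_slot(char *mapped_base, size_t mapped_size,
                       uintptr_t image_base, uintptr_t cookie_va)
{
    uintptr_t rva;
    if (cookie_va == 0 || cookie_va < image_base) return NULL;
    rva = cookie_va - image_base;
    if (rva > mapped_size || mapped_size - rva < sizeof(uintptr_t)) return NULL;
    if (rva % sizeof(uintptr_t) != 0) return NULL;
    return (uintptr_t *)(mapped_base + rva);
}

/* Store the process cookie into the image's slot; -1 if there is no valid slot. */
int install_security_cookie(uintptr_t *slot)
{
    if (!slot) return -1;
    *slot = process_security_cookie();
    return 0;
}

int main(void)
{
    /* Constructed stand-in for a mapped image with its cookie 0x100 bytes in. */
    static char image[4096];
    uintptr_t *slot = cookie_slot(image, sizeof image, 0x10000000u, 0x10000100u);
    if (install_security_cookie(slot) != 0) return 1;
    printf("cookie = %#lx\n", (unsigned long)*slot);
    return 0;
}
```

The slot lookup is what the patch's direct cast skips: it rebases the stored virtual address against the actual mapping and refuses a zero or out-of-range field, and the cookie itself is produced once per process at full pointer width.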