Re: predictable IP ID

Theodore Y. Ts'o (tytso@mit.edu)
Mon, 4 Oct 1999 14:46:34 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Wojciech Zabolotny: "Bug in Linux serial driver (and fix proposal)"
Previous message: Art Pina: "Errors building Kernel 2.2.18"

Um, if the "predictable IP ID's" under discussion is the "TESO SEcurity
Advisonary" talking about the Linux Kernel 2.2.x ISN Vulernerability,
this is fixed already in the latest pre-2.2 kernel issued by Alan (I
believe; Alan, you did get this both into the ac kernels and the pre-2.2
kernel seriesl, right?) The problem is that the secret used in
secure_tcp_sequence_number isn't getting initialized correctly, due to a
type problem in get_random_bytes(). We should try the simple fix before
we start talking about extreme measures such as installing AVL trees. :-)

To the Teso crew, if you could try redoing your analysis with the
following patch applied, I would greatly appreciate it. The problem is
that the secret[] isn't array isn't getting properly initialized, and
the crypto hash doesn't work well when the secret is all zero's. Chalk
this up to another example of "why C is inherently an unsafe programming
langauge". (blush)

if (!rekey_time || (tv.tv_sec - rekey_time) > REKEY_INTERVAL) {
rekey_time = tv.tv_sec;
/* First three words are overwritten below. */
- get_random_bytes(&secret+3, sizeof(secret)-12);
+ get_random_bytes(&secret[3], sizeof(secret)-12);
count = (tv.tv_sec/REKEY_INTERVAL) << HASH_BITS;
}

- Ted

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Wojciech Zabolotny: "Bug in Linux serial driver (and fix proposal)"
Previous message: Art Pina: "Errors building Kernel 2.2.18"