Randomness Used in Userland Libraries

Next: Randomness Used in Userland Up: Non-repeating Random Numbers Previous: Randomness Used Inside the

DNS query IDs typically start at 1 and increment for each subsequent query. An attacker can cause a DNS lookup, e.g., by telneting to the target host, and spoof the reply, since the content of the query and the ID are known or easily predictable. Since host authentication is still in wide-spread use, this is a serious security vulnerability present in virtually all systems. To avoid this issue, we have modified our in-tree copy of bind(8) and our libc resolver to make use of the non-repeating PRNG.
arc4random(3) seeding, as mentioned in section 3.2.
Stronger temporary names.
Processes typically create temporary files by generating a random filename via mktemp(3) and then opening that file in the /tmp directory. A more secure way for doing so is through mkstemp(3), which generates the filename and opens the file in one atomic operation, thus eliminating the potential for races. Both functions, which reside in libc, make use of arc4random(3) to generate the random filenames, making it much harder for an attacker to guess the names in advance.
Generate salts for the various password algorithms. For some more details, see section 4.1.

Next: Randomness Used in Userland Up: Non-repeating Random Numbers Previous: Randomness Used Inside the

& D. Keromytis
4/26/1999