[become] / src / noise.c

/* -*-c-*-
 *
 * $Id: noise.c,v 1.6 1998/06/18 15:08:14 mdw Exp $
 *
 * Collection of environmental noise
 *
 * (c) 1998 EBI
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of `become'
 *
 * `Become' is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * `Become' is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with `become'; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------*
 *
 * $Log: noise.c,v $
 * Revision 1.6  1998/06/18 15:08:14  mdw
 * Improve signal handling when accumulating noise from child processes.
 *
 * Revision 1.5  1998/04/23 13:25:23  mdw
 * Try to reduce the amount of `ps'ing done under OSF/1, because /dev/kmem
 * seems very slow.
 *
 * Revision 1.4  1998/02/20 17:52:32  mdw
 * Don't use `df' for noise gathering, because it gets upset when NFS
 * servers aren't responding.
 *
 * Revision 1.3  1998/01/12 16:46:19  mdw
 * Fix copyright date.
 *
 * Revision 1.2  1997/08/20  16:19:57  mdw
 * Fix test for `/dev/random' so that it doesn't close `stdin' if it fails!
 *
 * Revision 1.1  1997/08/07 09:45:26  mdw
 * New source file added to acquire environmental noise and add it to the
 * randomness pool (see `rand.c').
 *
 */

/*----- Header files ------------------------------------------------------*/

/* --- ANSI headers --- */

#include <ctype.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* --- Unix headers --- */

#include <sys/types.h>
#include <sys/time.h>

#include "config.h"
#if defined(HAVE_GETRUSAGE)
#  include <sys/resource.h>
#elif defined(HAVE_VTIMES)
#  include <sys/vtimes.h>
#endif

#include <sys/wait.h>

#include <fcntl.h>
#include <unistd.h>

/* --- Local headers --- */

#include "noise.h"
#include "rand.h"
#include "utils.h"

/*----- Main code ---------------------------------------------------------*/

/* --- @noise__shell@ --- *
 *
 * Arguments:	@const char *cmd@ = pointer to a shell command
 *
 * Returns:	---
 *
 * Use:		Adds the output of the shell command to the randomness pool.
 *		Some care is taken to do the Right Thing when running setuid.
 */

static void noise__shell(const char *cmd)
{
  int pfd[2];
  pid_t pid;

#ifdef HAVE_SIGPROCMASK
  sigset_t ob, nb;
#endif

  /* --- Create a pipe for talking to the child --- */

  if (pipe(pfd))
    return;

  /* --- Sort out the signal handling for the parent --- *
   *
   * Block @SIGCHLD@ while this is going on.  Unlike the standard @system@
   * function, I won't disable @SIGINT@ and @SIGQUIT@.  Then, if the user
   * stops the child with a terminal signal, the parent (i.e., me) gets
   * killed too, and I don't end up with a tiny dribble of entropy when I'm
   * expecting quite a lot.
   */

#ifdef HAVE_SIGPROCMASK
  sigemptyset(&nb);
  sigaddset(&nb, SIGCHLD);
  if (sigprocmask(SIG_BLOCK, &nb, &ob))
    goto fail_0;
#endif

  /* --- Create the child process --- */

  pid = fork();
  if (pid < 0)
    goto fail_1;

  if (pid == 0) {
    int fd;
    char *argv[] = { "/bin/sh", "-c", 0, 0 };
    char *env[] = {
      "PATH=/bin:/usr/bin:/usr/ucb:/usr/etc:/sbin:/usr/sbin",
      0
    };

    /* --- Restore signal handling things --- */

#ifdef HAVE_SIGPROCMASK
    sigprocmask(SIG_SETMASK, &nb, 0);
#endif

    /* --- Become nobody --- *
     *
     * This assumes that @-2@ is a safe user to be.  It shouldn't be root,
     * because it doesn't need to be, and nothing should be done as root
     * which could be done as someone else.  It shouldn't be the user who
     * invoked me, because that would enable her to kill the children before
     * I've read enough entropy from them, and that wouldn't be good.
     */

    setuid(-2);

    /* --- Close the old standard streams --- */

    close(0);
    close(1);
    close(2);

    /* --- Set up stdin and stderr to be empty, and stdout as our pipe --- */

    if (((fd = open("/dev/null", O_RDONLY)) != 0 &&
	 (fd = dup2(fd, 0)) != 0) ||
	((fd = dup2(pfd[1], 1)) != 1) ||
	((fd = open("/dev/null", O_WRONLY)) != 2 &&
	 (fd = dup2(fd, 2)) != 2))
      goto child_fail;

    /* --- Close the original pipe file descriptors --- */

    close(pfd[0]);
    close(pfd[1]);
    burn(pfd);

    /* --- Now run the child process --- */

    argv[2] = (char *)cmd;		/* POSIX screwed up the prototype */
    execve("/bin/sh", argv, env);

    /* --- Something went horribly wrong --- */

  child_fail:
    _exit(127);
  }

  /* --- Now read from the child until it's all done --- */

  {
    char buf[1024];
    ssize_t sz;

    close(pfd[1]);
    for (;;) {
      sz = read(pfd[0], buf, sizeof(buf));
      if (sz == 0 || (sz < 0 && sz != EINTR))
	break;
      rand_add(buf, sz);
    }
    close(pfd[0]);
    rand_add(pfd, sizeof(pfd));
    burn(buf); burn(pfd);
  }

  /* --- The child should be dead now, so wait for it --- */

  {
    int st;
    wait(&st);
    rand_add(&st, sizeof(st));
    rand_add(&pid, sizeof(pid));
  }

  /* --- Restore signals --- */

fail_1:
#ifdef HAVE_SIGPROCMASK
  sigprocmask(SIG_SETMASK, &ob, 0);
#endif
fail_0:;
}

/* --- @noise_acquire@ --- *
 *
 * Arguments:	---
 *
 * Returns:	---
 *
 * Use:		Attempts to acquire an amount of random noise from the
 *		environment.  A lot of it's not actually much good, but
 *		it's better than nothing.  There's probably a bit or two's
 *		worth in each item which gets added.
 */

void noise_acquire(void)
{
  /* --- Try a real random number source --- *
   *
   * Some operating systems (notably Linux) provide a `/dev/random' which
   * contains distilled random numbers from the outside world.
   */

  {
    int fd;
    int f;
    unsigned char buff[64];
    ssize_t sz;

    if ((fd = open("/dev/random", O_RDONLY)) >= 0 &&
	(f = fcntl(fd, F_GETFL, 0)) >= 0 &&
	fcntl(fd, F_SETFL, f | O_NONBLOCK) >= 0 &&
	(sz = read(fd, buff, sizeof(buff))) > 0) {
      rand_add(buff, sz);
      burn(buff);
    }
    if (fd >= 0)
      close(fd);
  }

  /* --- Squeeze some entropy from the current time --- */

  {
    struct timeval tv;
    clock_t c;

    gettimeofday(&tv, 0);
    c = clock();
    rand_add(&tv, sizeof(tv));
    rand_add(&c, sizeof(c));
    burn(tv); burn(c);
  }

  /* --- Try some commands which ask the outside world some questions --- */

  noise__shell("ps auxww || ps -ef; netstat -an");

  /* --- Get our resource usage to see if that's at all interesting --- */

#if defined(HAVE_GETRUSAGE)
  {
    struct rusage ru;
    getrusage(RUSAGE_SELF, &ru);
    rand_add(&ru, sizeof(ru));
    getrusage(RUSAGE_CHILDREN, &ru);
    rand_add(&ru, sizeof(ru));
    burn(ru);
  }
#elif defined(HAVE_VTIMES)
  {
    struct vtimes vt, vtc;
    vtimes(&vt, &vtc);
    rand_add(&vt, sizeof(vt));
    rand_add(&vtc, sizeof(vtc));
    burn(vt); burn(vtc);
  }
#endif

  /* --- Squeeze some more entropy from the current time --- */

  {
    struct timeval tv;
    clock_t c;

    gettimeofday(&tv, 0);
    c = clock();
    rand_add(&tv, sizeof(tv));
    rand_add(&c, sizeof(c));
    burn(tv); burn(c);
  }

  /* --- Done -- churn the random pool --- */

  rand_churn();
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
d9fd0b20	1	/* --c--
d9fd0b20	2	*
d2441912	3	* $Id: noise.c,v 1.6 1998/06/18 15:08:14 mdw Exp $
d9fd0b20	4	*
	5	* Collection of environmental noise
	6	*
c758e654	7	* (c) 1998 EBI
d9fd0b20	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of `become'
	13	*
	14	* `Become' is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU General Public License as published by
	16	* the Free Software Foundation; either version 2 of the License, or
	17	* (at your option) any later version.
	18	*
	19	* `Become' is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU General Public License
	25	* along with `become'; if not, write to the Free Software Foundation,
	26	* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	27	*/
	28
	29	/----- Revision history --------------------------------------------------
	30	*
	31	* $Log: noise.c,v $
d2441912	32	* Revision 1.6 1998/06/18 15:08:14 mdw
	33	* Improve signal handling when accumulating noise from child processes.
	34	*
ae37bd45	35	* Revision 1.5 1998/04/23 13:25:23 mdw
	36	* Try to reduce the amount of `ps'ing done under OSF/1, because /dev/kmem
	37	* seems very slow.
	38	*
1144a3e9	39	* Revision 1.4 1998/02/20 17:52:32 mdw
	40	* Don't use `df' for noise gathering, because it gets upset when NFS
	41	* servers aren't responding.
	42	*
c758e654	43	* Revision 1.3 1998/01/12 16:46:19 mdw
	44	* Fix copyright date.
	45	*
	46	* Revision 1.2 1997/08/20 16:19:57 mdw
435d981e	47	* Fix test for `/dev/random' so that it doesn't close `stdin' if it fails!
435d981e	48	*
d9fd0b20	49	* Revision 1.1 1997/08/07 09:45:26 mdw
	50	* New source file added to acquire environmental noise and add it to the
	51	* randomness pool (see `rand.c').
	52	*
	53	*/
	54
	55	/----- Header files ------------------------------------------------------/
	56
	57	/* --- ANSI headers --- */
	58
	59	#include <ctype.h>
	60	#include <errno.h>
d2441912	61	#include <signal.h>
d9fd0b20	62	#include <stdio.h>
	63	#include <stdlib.h>
	64	#include <string.h>
	65	#include <time.h>
	66
	67	/* --- Unix headers --- */
	68
	69	#include <sys/types.h>
	70	#include <sys/time.h>
	71
	72	#include "config.h"
	73	#if defined(HAVE_GETRUSAGE)
	74	# include <sys/resource.h>
	75	#elif defined(HAVE_VTIMES)
	76	# include <sys/vtimes.h>
	77	#endif
	78
	79	#include <sys/wait.h>
	80
	81	#include <fcntl.h>
	82	#include <unistd.h>
	83
	84	/* --- Local headers --- */
	85
	86	#include "noise.h"
	87	#include "rand.h"
	88	#include "utils.h"
	89
	90	/----- Main code ---------------------------------------------------------/
	91
	92	/* --- @noise__shell@ --- *
	93	*
	94	* Arguments: @const char *cmd@ = pointer to a shell command
	95	*
	96	* Returns: ---
	97	*
	98	* Use: Adds the output of the shell command to the randomness pool.
	99	* Some care is taken to do the Right Thing when running setuid.
	100	*/
	101
	102	static void noise__shell(const char *cmd)
	103	{
	104	int pfd[2];
	105	pid_t pid;
	106
d2441912	107	#ifdef HAVE_SIGPROCMASK
	108	sigset_t ob, nb;
	109	#endif
	110
d9fd0b20	111	/* --- Create a pipe for talking to the child --- */
	112
	113	if (pipe(pfd))
	114	return;
	115
d2441912	116	/* --- Sort out the signal handling for the parent --- *
	117	*
	118	* Block @SIGCHLD@ while this is going on. Unlike the standard @system@
	119	* function, I won't disable @SIGINT@ and @SIGQUIT@. Then, if the user
	120	* stops the child with a terminal signal, the parent (i.e., me) gets
	121	* killed too, and I don't end up with a tiny dribble of entropy when I'm
	122	* expecting quite a lot.
	123	*/
	124
	125	#ifdef HAVE_SIGPROCMASK
	126	sigemptyset(&nb);
	127	sigaddset(&nb, SIGCHLD);
	128	if (sigprocmask(SIG_BLOCK, &nb, &ob))
	129	goto fail_0;
	130	#endif
	131
d9fd0b20	132	/* --- Create the child process --- */
	133
	134	pid = fork();
	135	if (pid < 0)
d2441912	136	goto fail_1;
d9fd0b20	137
	138	if (pid == 0) {
	139	int fd;
	140	char *argv[] = { "/bin/sh", "-c", 0, 0 };
	141	char *env[] = {
	142	"PATH=/bin:/usr/bin:/usr/ucb:/usr/etc:/sbin:/usr/sbin",
	143	0
	144	};
	145
d2441912	146	/* --- Restore signal handling things --- */
d9fd0b20	147
d2441912	148	#ifdef HAVE_SIGPROCMASK
	149	sigprocmask(SIG_SETMASK, &nb, 0);
	150	#endif
	151
	152	/* --- Become nobody --- *
	153	*
	154	* This assumes that @-2@ is a safe user to be. It shouldn't be root,
	155	* because it doesn't need to be, and nothing should be done as root
	156	* which could be done as someone else. It shouldn't be the user who
	157	* invoked me, because that would enable her to kill the children before
	158	* I've read enough entropy from them, and that wouldn't be good.
	159	*/
	160
	161	setuid(-2);
d9fd0b20	162
	163	/* --- Close the old standard streams --- */
	164
	165	close(0);
	166	close(1);
	167	close(2);
	168
	169	/* --- Set up stdin and stderr to be empty, and stdout as our pipe --- */
	170
	171	if (((fd = open("/dev/null", O_RDONLY)) != 0 &&
	172	(fd = dup2(fd, 0)) != 0) \|\|
	173	((fd = dup2(pfd[1], 1)) != 1) \|\|
	174	((fd = open("/dev/null", O_WRONLY)) != 2 &&
	175	(fd = dup2(fd, 2)) != 2))
	176	goto child_fail;
	177
	178	/* --- Close the original pipe file descriptors --- */
	179
	180	close(pfd[0]);
	181	close(pfd[1]);
	182	burn(pfd);
	183
	184	/* --- Now run the child process --- */
	185
	186	argv[2] = (char )cmd; / POSIX screwed up the prototype */
	187	execve("/bin/sh", argv, env);
	188
	189	/* --- Something went horribly wrong --- */
	190
	191	child_fail:
	192	_exit(127);
	193	}
	194
	195	/* --- Now read from the child until it's all done --- */
	196
	197	{
	198	char buf[1024];
	199	ssize_t sz;
	200
	201	close(pfd[1]);
	202	for (;;) {
	203	sz = read(pfd[0], buf, sizeof(buf));
	204	if (sz == 0 \|\| (sz < 0 && sz != EINTR))
	205	break;
	206	rand_add(buf, sz);
	207	}
	208	close(pfd[0]);
	209	rand_add(pfd, sizeof(pfd));
	210	burn(buf); burn(pfd);
	211	}
	212
	213	/* --- The child should be dead now, so wait for it --- */
	214
	215	{
	216	int st;
d9fd0b20	217	wait(&st);
	218	rand_add(&st, sizeof(st));
	219	rand_add(&pid, sizeof(pid));
	220	}
d2441912	221
	222	/* --- Restore signals --- */
	223
	224	fail_1:
	225	#ifdef HAVE_SIGPROCMASK
	226	sigprocmask(SIG_SETMASK, &ob, 0);
	227	#endif
	228	fail_0:;
d9fd0b20	229	}
	230
	231	/* --- @noise_acquire@ --- *
	232	*
	233	* Arguments: ---
	234	*
	235	* Returns: ---
	236	*
	237	* Use: Attempts to acquire an amount of random noise from the
	238	* environment. A lot of it's not actually much good, but
	239	* it's better than nothing. There's probably a bit or two's
	240	* worth in each item which gets added.
	241	*/
	242
	243	void noise_acquire(void)
	244	{
	245	/* --- Try a real random number source --- *
	246	*
	247	* Some operating systems (notably Linux) provide a `/dev/random' which
	248	* contains distilled random numbers from the outside world.
	249	*/
	250
	251	{
	252	int fd;
	253	int f;
	254	unsigned char buff[64];
	255	ssize_t sz;
	256
435d981e	257	if ((fd = open("/dev/random", O_RDONLY)) >= 0 &&
d9fd0b20	258	(f = fcntl(fd, F_GETFL, 0)) >= 0 &&
	259	fcntl(fd, F_SETFL, f \| O_NONBLOCK) >= 0 &&
	260	(sz = read(fd, buff, sizeof(buff))) > 0) {
	261	rand_add(buff, sz);
	262	burn(buff);
	263	}
	264	if (fd >= 0)
	265	close(fd);
	266	}
	267
	268	/* --- Squeeze some entropy from the current time --- */
	269
	270	{
	271	struct timeval tv;
	272	clock_t c;
	273
	274	gettimeofday(&tv, 0);
	275	c = clock();
	276	rand_add(&tv, sizeof(tv));
	277	rand_add(&c, sizeof(c));
	278	burn(tv); burn(c);
	279	}
	280
	281	/* --- Try some commands which ask the outside world some questions --- */
	282
ae37bd45	283	noise__shell("ps auxww \|\| ps -ef; netstat -an");
d9fd0b20	284
	285	/* --- Get our resource usage to see if that's at all interesting --- */
	286
	287	#if defined(HAVE_GETRUSAGE)
	288	{
	289	struct rusage ru;
	290	getrusage(RUSAGE_SELF, &ru);
	291	rand_add(&ru, sizeof(ru));
	292	getrusage(RUSAGE_CHILDREN, &ru);
	293	rand_add(&ru, sizeof(ru));
	294	burn(ru);
	295	}
	296	#elif defined(HAVE_VTIMES)
	297	{
	298	struct vtimes vt, vtc;
	299	vtimes(&vt, &vtc);
	300	rand_add(&vt, sizeof(vt));
	301	rand_add(&vtc, sizeof(vtc));
	302	burn(vt); burn(vtc);
	303	}
	304	#endif
	305
	306	/* --- Squeeze some more entropy from the current time --- */
	307
	308	{
	309	struct timeval tv;
	310	clock_t c;
	311
	312	gettimeofday(&tv, 0);
	313	c = clock();
	314	rand_add(&tv, sizeof(tv));
	315	rand_add(&c, sizeof(c));
	316	burn(tv); burn(c);
	317	}
	318
	319	/* --- Done -- churn the random pool --- */
	320
	321	rand_churn();
	322	}
	323
	324	/----- That's all, folks -------------------------------------------------/