
bsdinstall(8) hardening menu: Utilize new kern.randompid=1 behaviour
ClosedPublic

Authored by marieheleneka_gmail.com on Sep 21 2017, 1:25 PM.
Details

Summary

Current behaviour
When kern.randompid is enabled via the bsdinstall(8) hardening menu, a random value is generated and placed in the system's /etc/sysctl.conf as kern.randompid=value
This makes the value of kern.randompid be static across reboots.

New behaviour
When kern.randompid is enabled via the bsdinstall(8) hardening menu, the line kern.randompid=1 is placed in the system's /etc/sysctl.conf.
This makes the value of kern.randompid be randomized on each reboot.

Suggested commit message
Enabling PID randomization in bsdinstall(8)'s hardening menu now randomizes the effective value of kern.randompid on each boot.

Submitted by Marie Helene Kvello-Aune <marieheleneka@gmail.com>
Differential revision https://reviews.freebsd.org/D12433

Test Plan

Apply patch and create installation media
Install on a VM or equivalent. In the hardening menu, enable PID randomization.

Expected result
The installation should work as normal, and a line "kern.randompid=1" should appear in the freshly installed system's /etc/sysctl.conf
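A check for the expected result above, added here as an example and not part of the bsdinstall(8) change under review: a POSIX sh function that reads a sysctl.conf-style file and reports whether kern.randompid is absent, disabled (0), set to the new per-boot value (1), or pinned to a static modulus as the old installer wrote it. The file contents in the usage notes are constructed samples, not output from a real installation.

```sh
#!/bin/sh
# Added example, not code from the bsdinstall(8) review.
# Classify the kern.randompid setting in a sysctl.conf-style file.
# Output is one word: unreadable, absent, disabled, dynamic,
# static:<N> (old installer behaviour) or invalid:<value>.

randompid_mode() {
    # $1: path to a sysctl.conf-style file
    file="$1"
    [ -r "$file" ] || { echo "unreadable"; return 0; }

    # sysctl(8) applies lines in order, so the last assignment wins.
    # Comment lines are skipped; whitespace around the value is trimmed.
    value=$(awk -F= '
        /^[[:space:]]*#/ { next }
        $1 ~ /^[[:space:]]*kern\.randompid[[:space:]]*$/ {
            v = $2
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            last = v
        }
        END { print last }' "$file")

    case "$value" in
        "")        echo "absent" ;;            # no kern.randompid line at all
        0)         echo "disabled" ;;          # randomization turned off
        1)         echo "dynamic" ;;           # kernel picks a modulus per boot
        *[!0-9]*)  echo "invalid:$value" ;;    # not a non-negative integer
        *)         echo "static:$value" ;;     # fixed modulus, same every boot
    esac
}

# Stand-alone use: randompid_mode.sh /path/to/sysctl.conf
if [ $# -gt 0 ]; then
    randompid_mode "$1"
fi
```

On a freshly installed system the check is `randompid_mode /etc/sysctl.conf`, which should print `dynamic` after this change; a `static:<N>` result indicates the older installer behaviour, where the modulus was fixed at install time and therefore identical on every boot.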

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

This builds on r323390, right?

If I understand it correctly that '1' maps to a random PID modulus between 100 and 1123, while this currently sets one from 1 (probably bumped to 100) to 9999. I don't know if the reduction of 9999 to 1123 has any practical consequences.

In D12433#257843, @kristof wrote:

> This builds on r323390, right?

It builds on the previous work committed in rS323390, yes.

/* discard

  1. cd /usr/src/usr.sbin/bsdinstall
  2. make clean && make

produces no errors, but I don't think the scripts are compiled in any way, so it'd be a bad test.

I have *not* performed the outlined test procedure yet. (I need to figure out how to create custom install media :P)

/ End discard */

> If I understand it correctly that '1' maps to a random PID modulus between 100 and 1123, while this currently sets one from 1 (probably bumped to 100) to 9999. I don't know if the reduction of 9999 to 1123 has any practical consequences.

re: value generated by jot: That's how I understand it.
re: value of kern.randompid: PID randomization increments PID by a random value within a boundary of 1 to kern.randompid. Changing the maximum value from 9999 to 1123 (in the current implementation) reduces the maximum potential PID increment for each fork.
If this is a concern I suggest we address it in the implementation of setting "kern.randompid" to 1. The upper bound was briefly commented in D12238.

The current code has a 1 in 9,999 chance of setting the modulus to 1, which until recently actually disabled randomization...

Setting it to 1 currently means “pick something at boot time”. Whether that makes sense is open to debate (Colin says it's harmless but also pointless) but is also orthogonal to this change, which just moves the decision from the installer to the kernel.

This revision is now accepted and ready to land. Sep 21 2017, 3:13 PM

Just adding that I've run the test procedure by creating a custom installation media and installing to a VM. Ticking the PID randomization checkbox works as intended.

This revision was automatically updated to reflect the committed changes.