Closed
Bug 819775
Opened 12 years ago
Closed 11 years ago
js_InitRandom: Don't use pointer values in seeding the random number generator
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
People
(Reporter: jorendorff, Unassigned)
Details
(Keywords: sec-moderate, Whiteboard: [js:t][adv-main21+])
Follow-up to bug 811355. We have this code (word-wrapped for bugzilla): > void > js_InitRandom(JSContext *cx) > { > /* > * Set the seed from current time. Since we have a RNG per context and we > * often bring up several contexts at the same time, we xor in some > * additional values, namely the context and its successor. We don't just > * use the context because it might be possible to reverse engineer the > * context pointer if one guesses the time right. > */ > random_setSeed(&cx->rngSeed, > (PRMJ_Now() / 1000) ^ int64_t(cx) ^ int64_t(cx->getNext())); > } cx->getNext() is always null here. This is not exploitable by itself, but I'd be shocked if an attacker couldn't recover cx. sec-moderate.
Reporter | ||
Comment 1•12 years ago
|
||
What to do about it? It depends on the desired behavior. Maybe all we're trying to avoid is opening a JS demo in four windows and having the random number stream be the same in all four; that is, avoid having the non-randomness be embarrassingly obvious. If that's the case, we can use rt->nonce++ instead of int64_t(cx). If there is any security requirement at all, the weakest one I can think of is: Scripts in one domain should not be able to guess the RNG seed of a new window in another domain. That is actually a reasonable property to consider providing. And we can file a separate bug in the clear for that, and land it, and it'll look like a general tightening-up rather than a fix for an existing issue. (I don't know how to do it short of going to the OS for secure-random bits, at least once per runtime and more likely once per context. But that's an acceptable cost, right?)
Reporter | ||
Comment 2•12 years ago
|
||
Aside: The random number seed should be per-global (stored in JSCompartment) rather than per-context anyway.
Reporter | ||
Comment 3•12 years ago
|
||
Talked it over with decoder and settled on the rt->nonce++ approach. Patch posted in bug 820180.
Updated•12 years ago
|
Whiteboard: [js:t]
Reporter | ||
Comment 4•11 years ago
|
||
Fixed in bug 820180.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
status-b2g18:
--- → wontfix
status-firefox-esr10:
--- → wontfix
status-firefox21:
--- → fixed
status-firefox-esr17:
--- → wontfix
tracking-firefox21:
--- → +
Updated•11 years ago
|
Whiteboard: [js:t] → [js:t][adv-main20+]
Updated•11 years ago
|
Whiteboard: [js:t][adv-main20+] → [js:t][adv-main21+]
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•