
cperciva yesterday at 5:46 AM, 2 replies

Re-seeding is easy. The hard parts are (a) finding everything which needs to be reseeded -- not just explicit RNGs but also things like keys used to pick outgoing port numbers in a pseudorandom order -- and (b) making sure that all the relevant code becomes aware that it was just forked -- not necessarily trivial given that there's no standard "you just got restarted from a snapshot" signal in UNIX.
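
Added example, not part of the comment above: the process-level `fork()` analogue of both hard parts, where (unlike snapshot restore) a notification hook does exist in the form of `os.register_at_fork`. `PortPicker`, `ReseedRegistry` and `ports_after_fork` are hypothetical names constructed for this illustration.

```python
import os
import random
import secrets

class PortPicker:
    """Constructed toy: picks source ports in a keyed pseudorandom order."""
    def __init__(self):
        self.rekey()

    def rekey(self):
        # random.Random is not a CSPRNG; it stands in for any keyed state here.
        self._rng = random.Random(secrets.token_bytes(16))

    def next_port(self):
        return self._rng.randrange(49152, 65536)

class ReseedRegistry:
    """Hypothetical helper: one list of everything that must change in a child."""
    def __init__(self):
        self._hooks = []
        os.register_at_fork(after_in_child=self.reseed_all)

    def register(self, hook):
        self._hooks.append(hook)

    def reseed_all(self):
        for hook in self._hooks:
            hook()

def ports_after_fork(picker, n=4):
    """Fork, then return (parent_ports, child_ports) drawn after the fork."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: report its next n ports and exit without cleanup
        os.close(r)
        os.write(w, ",".join(str(picker.next_port()) for _ in range(n)).encode())
        os._exit(0)
    os.close(w)
    with os.fdopen(r) as f:
        child = [int(x) for x in f.read().split(",")]
    os.waitpid(pid, 0)
    return [picker.next_port() for _ in range(n)], child

if __name__ == "__main__":
    naive = PortPicker()                 # nobody told it about the fork
    print("naive:", ports_after_fork(naive))
    registry, aware = ReseedRegistry(), PortPicker()
    registry.register(aware.rekey)
    print("aware:", ports_after_fork(aware))
```

The unregistered picker yields the same port sequence in parent and child; the registered one diverges because its key is replaced in the child before any port is drawn.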


Replies

Intermernet yesterday at 10:59 AM

I would have thought that in the days of containers, we'd have better tooling around this. Sounds like a goldmine for vuln research!

aa-jv yesterday at 1:28 PM

Isn't this what -HUP is supposed to be for in the first place? Maybe a -STOP/-HUP/-HUP situation?
