Comment by cperciva
5 days ago
Re-seeding is easy. The hard parts are (a) finding everything which needs to be reseeded -- not just explicit RNGs but also things like keys used to pick outgoing port numbers in a pseudorandom order -- and (b) making sure that all the relevant code becomes aware that it was just forked -- not necessarily trivial given that there's no standard "you just got restarted from a snapshot" signal in UNIX.
I would have thought that in the days of containers, we'd have better tooling around this. Sounds like a goldmine for vuln research!
Isn't this what -HUP is supposed to be for in the first place? Maybe a -STOP/-HUP/-HUP situation?
HUP is short for "hangup" which was supposed to be sent when the tty controlling the session the process is in hung up.
Right, so tty's go stale prior to the freeze and they must be renewed after the freeze .. seems to me there's a missing system heuristic here.