Re-seeding is easy. The hard parts are (a) finding everything which needs to be reseeded -- not just explicit RNGs but also things like keys used to pick outgoing port numbers in a pseudorandom order -- and (b) making sure that all the relevant code becomes aware that it was just forked -- not necessarily trivial given that there's no standard "you just got restarted from a snapshot" signal in UNIX.

▲

Intermernet 2 days ago | parent | next [-]

I would have thought that in the days of containers, we'd have better tooling around this. Sounds like a goldmine for vuln research!

▲

aa-jv 2 days ago | parent | prev [-]

Isn't this what -HUP is supposed to be for in the first place? Maybe a -STOP/-HUP/-HUP situation?

▲

treyd 2 days ago | parent [-]

HUP is short for "hangup" which was supposed to be sent when the tty controlling the session the process is in hung up.

	▲	aa-jv 29 minutes ago \| parent [-]
		Right, so tty's go stale prior to the freeze and they must be renewed after the freeze .. seems to me there's a missing system heuristic here.