Date:      Tue, 4 Sep 2012 21:47:09 +0000 (UTC)
From:      "David E. O'Brien" <obrien@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r240108 - head/etc/rc.d
Message-ID:  <201209042147.q84Ll92Y023832@svn.freebsd.org>

Author: obrien
Date: Tue Sep  4 21:47:09 2012
New Revision: 240108
URL: http://svn.freebsd.org/changeset/base/240108

Log:
  * Rather than run the same 'ps' command twice, add 'kenv' which often
    gives machine unique values from the firmware.
  * The kernel is more likely to be unique than /bin/ls (but no need to
    stuff many megabytes into /dev/random, so hash it).
  * Change ordering to give larger variance across reboots to reduce
    predictability.

Modified:
  head/etc/rc.d/initrandom

Modified: head/etc/rc.d/initrandom
==============================================================================
--- head/etc/rc.d/initrandom	Tue Sep  4 21:40:53 2012	(r240107)
+++ head/etc/rc.d/initrandom	Tue Sep  4 21:47:09 2012	(r240108)
@@ -27,9 +27,11 @@ better_than_nothing()
 	# harvesting rate.
 	# Entropy below is not great, but better than nothing.
 	# This unblocks the generator at startup
-	( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
+	# Note: commands are ordered to cause the most variance across reboots.
+	( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \
+	    | dd of=/dev/random bs=8k 2>/dev/null
+	/sbin/sha256 -q `sysctl -n kern.bootfile` \
 	    | dd of=/dev/random bs=8k 2>/dev/null
-	cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
 }
 
 initrandom_start()
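Review bot: The new "/sbin/sha256 -q `sysctl -n kern.bootfile`" line uses an unquoted command substitution with no check on its result. If kern.bootfile comes back empty, sha256 is invoked with no file operand and falls back to reading standard input, and a path containing whitespace would be split into several arguments. Suggest capturing the value first and guarding the call, for example: bootfile=$(sysctl -n kern.bootfile); [ -r "$bootfile" ] && /sbin/sha256 -q "$bootfile" | dd of=/dev/random bs=8k 2>/dev/null. Separately, the comment above the pipeline could say that the kernel digest and much of the kenv output stay the same from one boot to the next on a given machine, so they help distinguish hosts but add nothing per boot; the per-boot variance still comes from ps, date, df and sysctl.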


