From owner-freebsd-security@FreeBSD.ORG Tue Sep 4 23:37:16 2012 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9FA4E106564A; Tue, 4 Sep 2012 23:37:16 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 5BF1D8FC08; Tue, 4 Sep 2012 23:37:16 +0000 (UTC) Received: from ds4.des.no (smtp.des.no [194.63.250.102]) by smtp.des.no (Postfix) with ESMTP id 923116D5B; Wed, 5 Sep 2012 01:37:15 +0200 (CEST) Received: by ds4.des.no (Postfix, from userid 1001) id 5D48682E2; Wed, 5 Sep 2012 01:37:15 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Doug Barton References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> Date: Wed, 05 Sep 2012 01:37:15 +0200 In-Reply-To: <5043DBAF.40506@FreeBSD.org> (Doug Barton's message of "Sun, 02 Sep 2012 15:20:31 -0700") Message-ID: <86y5kpcqc4.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@FreeBSD.org, freebsd-rc@FreeBSD.org, Mark Murray Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Sep 2012 23:37:16 -0000 (shameless thread hijacking) Speaking of rc.d and entropy, is the following code in /etc/rc.d/sshd really necessary? seeded=3D`sysctl -n kern.random.sys.seeded 2>/dev/null` if [ "x${seeded}" !=3D "x" ] && [ ${seeded} -eq 0 ] ; then warn "Setting entropy source to blocking mode." echo "=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D" echo "Type a full screenful of random junk to unblock" echo "it and remember to finish with . This will" echo "timeout in ${timeout} seconds, but waiting for" echo "the timeout without typing junk may make the" echo "entropy source deliver predictable output." echo "" echo "Just hit for fast+insecure startup." echo "=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D" sysctl kern.random.sys.seeded=3D0 2>/dev/null read -t ${timeout} junk echo "${junk}" `sysctl -a` `date` > /dev/random fi Considering, among other factors, how late in the boot sshd actually starts, and how much disk and / or network activity has occurred by that point. I don't believe this was how it was initially supposed to work, by the way. The original code *intentionally* always blocked, but it was slightly obfuscated. Two years after it was written, someone who misunderstood it submitted a PR, and several other someones who didn't understand it either came up with an incorrect fix and committed it. Neither Mark, who wrote the original code, nor I, who was (and still am) the OpenSSH maintainer, were consulted. BTW, it might be a good idea to run "/etc/rc.d/sshd keygen" from the installer if sshd is enabled during installation. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no