From owner-freebsd-current@FreeBSD.ORG  Wed Apr 14 10:44:09 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4AFB116A4CE; Wed, 14 Apr 2004 10:44:09 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id EE41943D46; Wed, 14 Apr 2004 10:44:08 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1])
	by fledge.watson.org (8.12.10/8.12.10) with ESMTP id i3EHhUPq072303;
	Wed, 14 Apr 2004 13:43:30 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Received: from localhost (robert@localhost)i3EHhUvd072300;
	Wed, 14 Apr 2004 13:43:30 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Wed, 14 Apr 2004 13:43:30 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
X-Sender: robert@fledge.watson.org
To: masta <diz@linuxpowered.com>
In-Reply-To: <407D76F2.3020202@linuxpowered.com>
Message-ID: <Pine.NEB.3.96L.1040414134217.70783D-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: Mark Murray <markm@FreeBSD.ORG>
cc: Chuck Swiger <cswiger@mac.com>
cc: freebsd-current@FreeBSD.ORG
Subject: Re: dev/random
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Apr 2004 17:44:09 -0000


On Wed, 14 Apr 2004, masta wrote:

> >>Anyway, in the circumstances pertaining to this thread, aren't we
> >>talking about diskless clients in a university lab, and an
> >>access-controlled fileserver locked away in a rack somewhere which has
> >>the disks? 
> >>
> >
> >I have to say that if you're loading your kernel out of TFTP, and your
> >root file system is running out of NFS, the chances are you won't mind
> >loading /entropy out of NFS.
> >
> Why? We got a NFSv4 client in base.
> Not that this is a highly-likely situation today, I'm just saying anyways.

What I'm saying is: DHCP is pretty insecure against local area attacks, as
is TFTP, so concerns about storing security-related state in NFS for such
systems probably aren't such a big deal.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research