From owner-freebsd-security@FreeBSD.ORG  Tue Sep 11 21:17:32 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 664)
	id 9DB2B1065672; Tue, 11 Sep 2012 21:17:31 +0000 (UTC)
Date: Tue, 11 Sep 2012 14:17:30 -0700
From: David O'Brien <obrien@FreeBSD.org>
To: d@delphij.net
Message-ID: <20120911211730.GB89188@dragon.NUXI.org>
References: <20120906174247.GB13179@dragon.NUXI.org>
	<20120906230157.5307a21f@gumby.homeunix.com>
	<20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org>
	<20120911061530.GA77399@dragon.NUXI.org>
	<504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no>
	<20120911205302.27484fd6@gumby.homeunix.com>
	<20120911200925.GA88456@dragon.NUXI.org>
	<504FA76A.5000209@delphij.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <504FA76A.5000209@delphij.net>
X-Operating-System: FreeBSD 10.0-CURRENT
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: Arthur Mesh <arthurmesh@gmail.com>, Doug Barton <dougb@FreeBSD.org>,
	freebsd-rc@freebsd.org, freebsd-security@freebsd.org,
	RW <rwmaillists@googlemail.com>,
	Dag-Erling =?unknown-8bit?B?77+9?= <des@des.no>
Subject: Re: svn commit: r239569 - head/etc/rc.d
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: obrien@freebsd.org
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2012 21:17:32 -0000

On Tue, Sep 11, 2012 at 02:04:42PM -0700, Xin Li wrote:
> So if I was to implement the low grade part I'd remove the variable
> names from the sysctl output at minimum.


I've removed the MIB names in my latest diff (based on input from this
thread):

+	( dmesg; kenv; df -ib; \
+	    ps -fauxrH -o majflt,minflt,nivcsw,nvcsw,nwchan,re,sl,time; \
+	    sysctl -n kern.cp_times kern.geom kern.lastpid kern.timecounter \
+	    kern.tty_nout kern.tty_nin vm vfs debug dev.cpu; \
+	    date ) \
+	    | /sbin/sha256 -q | dd of=/dev/random bs=8k 2>/dev/null

I don't believe I've sent out an updated diff yet.  The above is updated
from what sent in Message-ID: <20120910135218.GA68128@dragon.NUXI.org>.

-- 
-- David  (obrien@FreeBSD.org)