Date: Sun, 24 Jul 2005 15:57:38 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Colin Percival <cperciva@freebsd.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, "Andrey A. Chernov" <ache@FreeBSD.org>, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/games/fortune/fortune fortune.c Message-ID: <20050724135738.GM46538@darkness.comp.waw.pl> In-Reply-To: <42E337A6.8060206@freebsd.org> References: <200507231824.j6NIOl6v034122@repoman.freebsd.org> <42E337A6.8060206@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sat, Jul 23, 2005 at 11:39:34PM -0700, Colin Percival wrote: +> Andrey A. Chernov wrote: +> > FreeBSD src repository +> > +> > Modified files: +> > games/fortune/fortune fortune.c +> > Log: +> > My change, namely srandomdev() addition, was backed out even without +> > discussing with me, and I obviously disagree seeing that afterwards +> > (srandomdev() back out not fix any thing, it can only mask the problem). +> > +> > So, back out the back out and return srandomdev(). +> +> Approved by: security-officer (cperciva) +> +> Any change which helps to make a security problem obvious is a good thing, and +> a commit which (like revision 1.28) simply hides a security problem from users +> is Not Desired. We should probably test entropy quality on boot. I've somewhere userland version of /sys/dev/rndtest/ which implements FIPS140-2 tests for (P)RNGs. We can use put it into rc.d/ and warn users. -- Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFC455SForvXbEpPzQRAqowAJ43wKFnHiS+bstpGSASafDtv869QwCffv+7 ng3ntPVPFdFdEqIvF2iXGYY= =zOQ9 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050724135738.GM46538>