From: Andrey Chernov
To: Doug Barton
Cc: Poul-Henning Kamp, Pawel Jakub Dawidek, Colin Percival, freebsd-security@FreeBSD.ORG
Date: Mon, 25 Jul 2005 20:22:24 +0400
Subject: Re: cvs commit: src/games/fortune/fortune fortune.c
Message-ID: <20050725162224.GA93242@nagual.pp.ru>
In-Reply-To: <42E437AA.1050307@FreeBSD.org>

On Sun, Jul 24, 2005 at 05:51:54PM -0700, Doug Barton wrote:
> entropy_save_num="17" # Number of entropy cache files to save.
>
> And haven't seen any problems with repetitive fortunes in the last 2 days.

Could you inspect old saved entries in the setup when the bug is active? Are they the same across reboot? If not, it is dangerous too (probably a bug in kernel random.c). As I read the code, even a single _different_ byte will be enough to seed /dev/random to different values.

-- 
http://ache.pp.ru/
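
One way to run the check asked for in the message above, as an added example that is not part of the original thread: compare every saved entropy file against every other one, byte for byte, and report identical pairs. The function name and the default directory (/var/db/entropy, the usual FreeBSD entropy_dir) are assumptions; pass the real directory as the first argument.

```shell
#!/bin/sh
# find_identical_entropy [DIR]
# Byte-compares every pair of regular files in DIR and prints one
# "IDENTICAL: a b" line per matching pair.
# Exit status: 0 = all files differ, 1 = at least one identical pair,
#              2 = directory missing.
# Assumption: DIR holds only the saved entropy files; the default path
# is the usual FreeBSD entropy_dir and may differ on a given system.
# The files are normally readable by root only, so run this as root;
# an unreadable file makes cmp fail and is counted as "different".
find_identical_entropy() {
    dir=${1:-/var/db/entropy}
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi

    # Collect the regular files into the function's positional parameters.
    set --
    for f in "$dir"/*; do
        [ -f "$f" ] && set -- "$@" "$f"
    done

    dups=0
    # Compare each file with all files after it (n*(n-1)/2 comparisons,
    # 136 for entropy_save_num="17").
    while [ $# -gt 1 ]; do
        a=$1
        shift
        for b in "$@"; do
            if cmp -s "$a" "$b"; then
                echo "IDENTICAL: $a $b"
                dups=$((dups + 1))
            fi
        done
    done

    [ "$dups" -eq 0 ]
}
```

Running it once before and once after a reboot, and keeping a copy of the earlier files to include in the comparison, shows whether any saved seed repeats across the restart.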