Date:      Thu, 20 Sep 2012 16:29:47 -0700
From:      David O'Brien <obrien@FreeBSD.org>
To:        Jonathan Anderson <jonathan@FreeBSD.org>
Cc:        freebsd-security@FreeBSD.org, RW <rwmaillists@googlemail.com>, Mariusz Gromada <mariusz.gromada@gmail.com>, Pawel Jakub Dawidek <pjd@FreeBSD.org>
Subject:   Re: Collecting entropy from device_attach() times.
Message-ID:  <20120920232947.GA40126@dragon.NUXI.org>
In-Reply-To: <269BF2927F4A4BB5B0F4A4155F2294A6@FreeBSD.org>
References:  <20120918211422.GA1400@garage.freebsd.pl> <A8FD98DD94774D00B4E5F78D3174C1B4@gmail.com> <20120919192923.GA1416@garage.freebsd.pl> <20120919205331.GE1416@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl> <269BF2927F4A4BB5B0F4A4155F2294A6@FreeBSD.org>

On Thu, Sep 20, 2012 at 11:32:53AM +0100, Jonathan Anderson wrote:
> As I believe theraven@ pointed out a couple of days ago: it is very
> silly indeed that we are taking data generated by the kernel (process
...

I thought I had mentioned something like this in the rc.d thread, 
but it seems it was to an internal $WORK thread.

It would seem to me that adding an 'initialize_devrandom_seeding' sysctl
for use in 'initrandom' or the single-user user could be better than
running userland commands (sysctl, dmesg, kenv) or being restricted to
commands in /[s]bin where there are some interesting ones in /usr/bin
that aren't available to 'initrandom'.

This would allow us to specify >0 bits of entropy from this data.

-- 
-- David  (obrien@FreeBSD.org)


