Date: Thu, 6 Sep 2012 10:27:51 -0700
From: David O'Brien <obrien@FreeBSD.org>
To: RW <rwmaillists@googlemail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120906172751.GD14757@dragon.NUXI.org>
In-Reply-To: <20120903013120.262a34fc@gumby.homeunix.com>
References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> <20120903005708.7082f230@gumby.homeunix.com> <20120903013120.262a34fc@gumby.homeunix.com>

On Mon, Sep 03, 2012 at 01:31:20AM +0100, RW wrote:
> I see that in CURRENT the order is reversed, but it's still repeating
> the same problem of saturating the buffers. Now most of the
> low-grade entropy is going to be lost including the date, which in almost
> all cases would have eliminated any problem with a reused entropy file.

Given the limited buffer space we have, I'm not sure what else we could
do. Artificially delay the better_than_nothing()? That seems too fragile
and hackish.

Arthur wanted to commit this:

--- initrandom 2012-09-05 13:38:13.000000000 -0700 +++ initrandom,amesh 2012-08-22 16:54:03.000000000 -0700 @@ -18,6 +18,8 @@ feed_dev_random() { if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null + else + return 1 fi } @@ -72,16 +69,16 @@ initrandom_start() # case ${entropy_file} in [Nn][Oo] | '') + better_than_nothing ;; *) if [ -w /dev/random ]; then - feed_dev_random "${entropy_file}" + feed_dev_random "${entropy_file}" \ + || better_than_nothing fi ;; esac - better_than_nothing - echo -n ' kickstart' fi

to reduce what could be the useless better_than_nothing() run.

-- 
-- David (obrien@FreeBSD.org)
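
Review bot: In the feed_dev_random() hunk, the added "else / return 1" turns the function's exit status into something the caller relies on, but the success branch still returns whatever the cat | dd pipeline returns, with dd's error output discarded by 2>/dev/null. The caller in the second hunk will therefore also run better_than_nothing when the file exists but dd exits non-zero. If that is intended, a short comment above the function saying it returns non-zero when nothing was fed to /dev/random would make the contract explicit; if not, the dd status should be handled separately from the missing-file case.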
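
Review bot: In the initrandom_start() hunk, the "*)" branch now skips better_than_nothing whenever feed_dev_random succeeds, which is exactly the reused-entropy-file case raised in the quoted message: this branch then feeds the file and nothing else. The fallback also now sits inside "if [ -w /dev/random ]", so when that test fails neither call runs, where the removed line ran better_than_nothing unconditionally. Consider keeping a small boot-varying input on the success path, or add a comment stating why skipping it is safe and why the not-writable case needs no fallback.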