Date:      Thu, 6 Sep 2012 10:27:51 -0700
From:      David O'Brien <obrien@FreeBSD.org>
To:        RW <rwmaillists@googlemail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: svn commit: r239569 - head/etc/rc.d
Message-ID:  <20120906172751.GD14757@dragon.NUXI.org>
In-Reply-To: <20120903013120.262a34fc@gumby.homeunix.com>
References:  <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org> <20120903005708.7082f230@gumby.homeunix.com> <20120903013120.262a34fc@gumby.homeunix.com>

On Mon, Sep 03, 2012 at 01:31:20AM +0100, RW wrote:
> I see that in CURRENT the order is reversed, but it's still repeating
> the same problem of saturating the buffers. Now most of the
> low-grade entropy is going to be lost, including the date, which in almost
> all cases would have eliminated any problem with a reused entropy file.

Given the limited buffer space we have, I'm not sure what else we could
do.  Artificially delay the better_than_nothing()?  That seems too fragile
and hackish.

Arthur wanted to commit this:

--- initrandom	2012-09-05 13:38:13.000000000 -0700
+++ initrandom,amesh	2012-08-22 16:54:03.000000000 -0700
@@ -18,6 +18,8 @@ feed_dev_random()
 {
 	if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
 		cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
+	else
+		return 1
 	fi
 }
 
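Review bot: feed_dev_random() now has two different sources for its exit status and neither is documented. The new else branch returns 1 explicitly, but the success branch has no return, so the function's status is whatever dd exits with, and dd's stderr goes to /dev/null. The caller in the second hunk chains "|| better_than_nothing" on this value, so a failed write to /dev/random will silently trigger the fallback as well as a missing file. If that is intended, a comment above the function stating the contract (0 = file was fed, non-zero = caller should fall back) would make it explicit. Note also that the -s test only checks for a non-empty file, so a file of any non-zero size counts as success and suppresses the fallback.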
@@ -72,16 +69,16 @@ initrandom_start()
 		#
 		case ${entropy_file} in
 		[Nn][Oo] | '')
+			better_than_nothing
 			;;
 		*)
 			if [ -w /dev/random ]; then
-				feed_dev_random "${entropy_file}"
+				feed_dev_random "${entropy_file}" \
+				    || better_than_nothing
 			fi
 			;;
 		esac
 
-		better_than_nothing
-
 		echo -n ' kickstart'
 	fi
 
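Review bot: in the "*)" branch, a successful feed_dev_random now means better_than_nothing never runs, so when an entropy file is present none of the low-grade inputs are mixed in. That is the reused-entropy-file case RW raises above, where the date is the input that would differ between boots. The commit message should say that this trade-off is deliberate. Separately, the "[ -w /dev/random ]" test has no else branch, so when it fails neither feed_dev_random nor better_than_nothing is called, whereas the removed unconditional call after esac ran in that case too. If skipping both is intended, a short comment in that branch would help. Otherwise add an else that calls better_than_nothing.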

to reduce what could be the useless better_than_nothing() run.

-- 
-- David  (obrien@FreeBSD.org)


