From owner-freebsd-security@FreeBSD.ORG  Wed Sep 12 07:55:36 2012
Message-ID: <50503FF6.4050605@FreeBSD.org>
Date: Tue, 11 Sep 2012 21:55:34 -1000
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://www.FreeBSD.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
To: Ian Lepore <freebsd@damnhippie.dyndns.org>
References: <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org>
	<50453686.9090100@FreeBSD.org>
	<20120904220754.GA3643@server.rulingia.com>
	<20120906174247.GB13179@dragon.NUXI.org>
	<20120906230157.5307a21f@gumby.homeunix.com>
	<20120906224703.GD89120@x96.org>
	<20120907015157.GA29497@server.rulingia.com>
	<20120910135218.GA68128@dragon.NUXI.org>
	<867gs2hqtt.fsf@ds4.des.no>
	<20120911054608.GA72584@dragon.NUXI.org>
	<1347373256.1137.52.camel@revolution.hippie.lan>
In-Reply-To: <1347373256.1137.52.camel@revolution.hippie.lan>
X-Enigmail-Version: 1.4.4
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Arthur Mesh <arthurmesh@gmail.com>, freebsd-rc@FreeBSD.ORG,
	obrien@FreeBSD.ORG, freebsd-security@FreeBSD.ORG,
	RW <rwmaillists@googlemail.com>,
	=?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>,
	Xin Li <delphij@delphij.net>
Subject: Re: svn commit: r239569 - head/etc/rc.d

On 09/11/2012 04:20 AM, Ian Lepore wrote:
> On Mon, 2012-09-10 at 22:46 -0700, David O'Brien wrote:
>>
>>> -r just changes the sort order, which is probably pointless.
>>
>> I'm not wedded to "-r", but since you're proposing this to not use "-r",
>> which Ian Lepore suggested after instrumenting /etc/rc.d/initrandom and
>> looking at the output, please show a diff of two boots with "-r" and
>> without "-r" so we can see what the change really is.
>>
> 
> I observed that the order of displayed processes could differ from one
> reboot to the next, even on an embedded system where little else
> differed.  It seemed to me that a difference in order, while small,
> might be significant.

Yes, even small changes that early in the process help with the replay
scenario, even if they don't feed a large amount of unique entropy into
the device.

Doug