From owner-freebsd-security@FreeBSD.ORG Wed Sep 12 20:33:33 2012
From: John Baldwin
To: freebsd-security@freebsd.org
Cc: Arthur Mesh, Ian Lepore, Doug Barton, freebsd-rc@freebsd.org, RW, Xin Li
Date: Wed, 12 Sep 2012 16:28:17 -0400
Subject: Re: svn commit: r239569 - head/etc/rc.d
References: <50453686.9090100@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <504F0687.7020309@FreeBSD.org>
In-Reply-To: <504F0687.7020309@FreeBSD.org>
Message-Id: <201209121628.18088.jhb@freebsd.org>

On Tuesday, September 11, 2012 5:38:15 am Doug Barton wrote:
> >>> Also, both jbh <201209050944.38042.jhb@freebsd.org> and RW
> >>> <20120905021248.5a17ace9@gumby.homeunix.com> feel this likely does
> >>> happen just from reading the code. Please explain from either
> >>> (1) a code reading, or (2) your own instrumented kernel that dropping
> >>> of input to /dev/random does not occur.
> >>
> >> Once again, you're the one asserting that there is a problem with a
> >> system that has worked well for 12 years, so the burden of proof is on
> >> you. That said, I'm interested in Arthur's evidence.
> >
> > Are you not a sufficient C programmer that you couldn't hack this up
> > yourself with the amount of time you've spent arguing it?
>
> Seriously. Stop being such an ass.
>
> I've said lots of times now that my FreeBSD time is limited, and THE
> BURDEN OF PROOF IS ON YOU. If you think it's easy, whip it up. If you're
> right, the truth will benefit all of us.

Having watched this thread mostly from the outside, I have to say this much:
this is a really ridiculous argument that works both ways. Just because we
don't have a documented vulnerability doesn't mean it doesn't exist either.

Also, you are clearly wrong about /dev/random dropping input and refuse to
admit that. To me that taints all your other claims and really weakens your
arguments.

-- 
John Baldwin