Date: Mon, 3 Sep 2012 10:15:38 -0700 From: Arthur Mesh <arthurmesh@gmail.com> To: Doug Barton <dougb@FreeBSD.org> Cc: freebsd-security@FreeBSD.org, freebsd-rc@FreeBSD.org, Mark Murray <markm@FreeBSD.org>, "David E. O'Brien" <obrien@FreeBSD.org> Subject: Re: svn commit: r239569 - head/etc/rc.d Message-ID: <20120903171538.GM1464@x96.org> In-Reply-To: <5043DBAF.40506@FreeBSD.org> References: <201208221843.q7MIhLU4077951@svn.freebsd.org> <5043DBAF.40506@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug,
On Sun, Sep 02, 2012 at 03:20:31PM -0700, Doug Barton wrote:
> In the third case, the system boots, but is then rebooted again before
> the cron interval has had a chance to replace even 1 file. This is the
> case where removing the old entropy is particularly pathological. It
I believe you're missing the point that we don't just cleanup old
entropy file -- we re-generate it via "/etc/rc.d/random fastsaveseed" call in
postrandom_start()
> > +extra_commands="saveseed"
> > +saveseed_cmd="${name}_stop"
>
> I don't understand the need for this.
That's how "/etc/rc.d/random fastsaveseed" translates in to "/etc/rc.d/random
stop", which does the jobs of re-generating seed file.
In the end, assuming machine boots up passed postrandom script, we're left with
no stale seed files, but a freshly generated ${entropy_file_confirmed}, which
should be sufficient to seed next bootup.
Thanks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120903171538.GM1464>