From: Doug Barton
Organization: http://SupersetSolutions.com/
Date: Sun, 02 Sep 2012 15:20:31 -0700
To: "David E. O'Brien"
Cc: Arthur Mesh, freebsd-security@FreeBSD.org, freebsd-rc@FreeBSD.org, Mark Murray
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <5043DBAF.40506@FreeBSD.org>
In-Reply-To: <201208221843.q7MIhLU4077951@svn.freebsd.org>

On 08/22/2012 11:43, David E. O'Brien wrote:
> Author: obrien
> Date: Wed Aug 22 18:43:21 2012
> New Revision: 239569
> URL: http://svn.freebsd.org/changeset/base/239569
>
> Log:
> Remove old entropy seeding after consumption initializing /dev/random PRNG.
> Not doing so opens us up to replay attacks.

I object to this change, and would like to see it discussed more. When I did the original implementation of the entropy seeding scripts this issue was discussed, and the decision not to remove the entropy after seeding was deliberate.

There are 3 possibilities. First, the system boots normally, gets seeded, and runs for a period of time longer than ($entropy_save_num x cron interval), which by default is 88 minutes. In this case all of the entropy files will be replaced, so the "postrandom" change will be spurious.

In the second case, the system boots successfully, gets seeded, but runs for less than the default 88 minutes. In that case there will be at least (uptime / cron interval) new files, and the same number of old files removed. So while some of the entropy will be "stale" at next reboot, it won't all be the same, so even the stale entropy is better than nothing in helping to reseed.

In the third case, the system boots, but is then rebooted again before the cron interval has had a chance to replace even 1 file. This is the case where removing the old entropy is particularly pathological. It reduces the available seeding material without adding anything new. From a security perspective, that's worse than the possibility of a replay attack.

For all 3 cases, it's important to keep in mind a few things. Primarily, yarrow is designed to avoid exactly the kind of "replay" problem that this change was intended to fix, so it's almost certainly at best unnecessary. Of nearly equal importance it should be kept in mind that we add a non-zero amount of unique material at every boot, so a true replay attack isn't possible, even without this change.

In short, this change is at best unnecessary, and possibly detrimental. I'd like to see the postrandom script backed out, but I'll leave it open for others to comment.

On a less serious note:

> Modified: head/etc/rc.d/random
> ==============================================================================
> --- head/etc/rc.d/random Wed Aug 22 18:35:17 2012 (r239568)
> +++ head/etc/rc.d/random Wed Aug 22 18:43:21 2012 (r239569)
> @@ -4,7 +4,7 @@
> #
>
> # PROVIDE: random
> -# REQUIRE: var initrandom
> +# REQUIRE: initrandom var

This change is spurious, rcorder(8) doesn't care what order they come in.

> # BEFORE: netif
> # KEYWORD: nojail shutdown
>
> @@ -14,6 +14,9 @@ name="random"
> start_cmd="random_start"
> stop_cmd="random_stop"
>
> +extra_commands="saveseed"
> +saveseed_cmd="${name}_stop"

I don't understand the need for this.

Doug

--
I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do.
	-- Edward Everett Hale, (1822 - 1909)
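
Review bot: the first hunk (`@@ -4,7 +4,7 @@`) only swaps the two names on the `# REQUIRE:` line, from `var initrandom` to `initrandom var`, and the log message does not mention it. If the new order is meant to carry meaning, state that in the log; otherwise leave the line alone so the diff shows only the functional change.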
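
Review bot: `saveseed_cmd="${name}_stop"` in the second hunk (`@@ -14,6 +14,9 @@`) makes the new `saveseed` command run the same handler as `stop_cmd="random_stop"`, and nothing in the hunk says why a second name for it is needed or who is expected to call it. Add a comment above `extra_commands="saveseed"` naming the intended caller, or point `saveseed_cmd` at a dedicated function if saving the seed is meant to differ from a full stop.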