Date: Thu, 6 Sep 2012 14:36:42 -0700 From: David O'Brien <obrien@FreeBSD.org> To: Dag-Erling =?unknown-8bit?B?U23DuHJncmF2?= <des@des.no> Cc: Arthur Mesh <arthurmesh@gmail.com>, freebsd-security@FreeBSD.org, Doug Barton <dougb@FreeBSD.org>, freebsd-rc@FreeBSD.org, Mark Murray <markm@FreeBSD.org> Subject: Re: svn commit: r239598 - head/etc/rc.d Message-ID: <20120906213642.GA18396@dragon.NUXI.org> In-Reply-To: <20120906200325.GA17159@dragon.NUXI.org> References: <201208222337.q7MNbORo017642@svn.freebsd.org> <5043E449.8050005@FreeBSD.org> <20120904220126.GA85339@dragon.NUXI.org> <50468326.8070009@FreeBSD.org> <20120906164514.GA14757@dragon.NUXI.org> <867gs7qcsl.fsf@ds4.des.no> <20120906184400.GF13179@dragon.NUXI.org> <86lignot6a.fsf@ds4.des.no> <20120906200325.GA17159@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 06, 2012 at 01:03:25PM -0700, David O'Brien (@FreeBSD) wrote:
> I already said an attacker could have a local login on the system.
> That would give them full knowledge of the kenv output.
> Same attacker can figure out the 'date' output from uptime, etc...
Note that this flies somewhat in the face of my argument for 'postrandom'
based on Schneier's writings on deleting the seed file after it used.
Please remember this is for better_than_nothing().
I like Arthur's patch that avoids calling better_than_nothing() if we
feed_dev_random() with ${entropy_file}.
--
-- David (obrien@FreeBSD.org)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120906213642.GA18396>