From owner-freebsd-current@FreeBSD.ORG Tue Dec 24 23:25:57 2013
Return-Path:
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5C8D3214; Tue, 24 Dec 2013 23:25:57 +0000 (UTC)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 1681418E7; Tue, 24 Dec 2013 23:25:56 +0000 (UTC)
Received: from [10.20.30.90] (50-0-66-41.dsl.dynamic.sonic.net [50.0.66.41]) (authenticated bits=0) by hoffman.proper.com (8.14.7/8.14.7) with ESMTP id rBONPonD058846 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 24 Dec 2013 16:25:52 -0700 (MST) (envelope-from phoffman@proper.com)
X-Authentication-Warning: hoffman.proper.com: Host 50-0-66-41.dsl.dynamic.sonic.net [50.0.66.41] claimed to be [10.20.30.90]
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 7.1 (1827))
Subject: Re: [PATCH RFC] Disable save-entropy in jails
From: Paul Hoffman
In-Reply-To: <52BA1065.6000403@delphij.net>
Date: Tue, 24 Dec 2013 15:26:06 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id:
References: <52B9F232.1090002@delphij.net> <278988C7-1749-413D-A5E2-ABE6753B3766@proper.com> <52BA1065.6000403@delphij.net>
To: d@delphij.net
X-Mailer: Apple Mail (2.1827)
X-Mailman-Approved-At: Wed, 25 Dec 2013 02:57:28 +0000
Cc: "freebsd-security@freebsd.org", FreeBSD Current
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
X-List-Received-Date: Tue, 24 Dec 2013 23:25:57 -0000

On Dec 24, 2013, at 2:53 PM, Xin Li wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On 12/24/13 14:36, Paul Hoffman wrote:
>> On Dec 24, 2013, at 12:44 PM, Xin Li wrote:
>> 
>>> I think we shouldn't save entropy inside jails, as the data is
>>> not going to be used by the rc script (pjd@126744). If there are no
>>> objections, I will commit this changeset on January 1, 2014.
>> 
>> Even if it is not used by an rc script, it might be used by some
>> userland program (running as root, of course) that knows about the
>> directory and wants some fresh entropy for its own use.
> 
> Why would a userland application want to use these? Would you mind
> elaborating what kind of use that would be?

I don't have a specific application in mind, and certainly not one for a jail. However, I'm not sure what the value is in removing a feature for a jail if we don't know whether anyone is using that feature. Thus, my question.

> My understanding is that the saved entropy is used for bootstrapping
> the system only: any application that wants good random numbers
> should just use /dev/random, because relying on something saved on disk
> is the worst way for someone who wants more entropy.

Quite true. Note, however, that we don't delete the saved entropy after booting and add it just before shutdown: we leave it there for some reason. I'm not sure why a jail is so different an environment that it should be treated differently than a normal (non-jail) environment. Maybe there is a reason, but I'm not seeing it.

>> Is there a problem with saving the directory in jails? It
>> certainly isn't taking up much space.
> 
> No, it's not about space. What I am concerned about is that it may have
> wasted entropy: each time (every */11 minutes) the system would get
> 2048 bytes out from /dev/random per jail. This deterministic behavior
> may trigger reseeds earlier than wanted.

I did not understand this. What changes in the system does removing /var/db/entropy cause? (If this is answered in a longer article, a pointer to it would be useful to me (and maybe others).)

--Paul Hoffman
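The per-jail cost Xin Li describes in the thread above (2048 bytes pulled from /dev/random on every */11-minute run and kept under /var/db/entropy, with the saved files only ever consumed by the boot-time rc script) can be made concrete with the POSIX sh script below. It is an added illustration written for this page, not FreeBSD's own /usr/libexec/save-entropy and not the RFC patch under discussion; the function names, the saved-entropy.N file layout, the BYTES/FILES parameters, the JAILED override and the use of the security.jail.jailed sysctl as the jail test are all assumptions made here.

```shell
#!/bin/sh
# Added illustration of a save-entropy-style job with a jail check.
# Not FreeBSD's /usr/libexec/save-entropy and not the RFC patch; the names,
# file layout and the jail test (security.jail.jailed) are assumptions here.
set -u

# in_jail: succeeds when the security.jail.jailed sysctl reports 1.
# Where the sysctl does not exist (or we are outside a jail) it fails,
# which the caller treats as "not jailed".
in_jail() {
    [ "$(sysctl -n security.jail.jailed 2>/dev/null || echo 0)" = "1" ]
}

# save_entropy DIR DEVICE BYTES FILES [JAILED]
#   Rotates DIR/saved-entropy.1 .. saved-entropy.FILES, then pulls BYTES fresh
#   bytes from DEVICE into saved-entropy.1: exactly the per-run cost the
#   thread is about (2048 bytes from /dev/random, per jail, every run).
#   JAILED (0/1) overrides the sysctl check so both paths can be exercised.
#   Returns 0 after writing, 2 when skipped because we are inside a jail.
save_entropy() {
    dir=$1 dev=$2 bytes=$3 files=$4 jailed=${5:-}
    if [ -z "$jailed" ]; then
        if in_jail; then jailed=1; else jailed=0; fi
    fi
    if [ "$jailed" = "1" ]; then
        # Inside a jail: draw nothing from the device and write nothing.
        return 2
    fi
    mkdir -p "$dir" && chmod 700 "$dir"
    # Rotate oldest-first so saved-entropy.1 is always the newest sample.
    n=$files
    while [ "$n" -gt 1 ]; do
        prev=$((n - 1))
        if [ -f "$dir/saved-entropy.$prev" ]; then
            mv "$dir/saved-entropy.$prev" "$dir/saved-entropy.$n"
        fi
        n=$prev
    done
    # One read of BYTES from the device; the file is root-readable only.
    dd if="$dev" of="$dir/saved-entropy.1" bs="$bytes" count=1 2>/dev/null
    chmod 600 "$dir/saved-entropy.1"
}

# saved_bytes DIR: total bytes currently held under DIR, i.e. how much has
# been drawn from the device and is sitting on disk (capped at BYTES*FILES).
saved_bytes() {
    total=0
    for f in "$1"/saved-entropy.*; do
        [ -f "$f" ] || continue
        total=$((total + $(wc -c < "$f")))
    done
    echo "$total"
}
```

Running `save_entropy /tmp/ent /dev/random 2048 8` on a host does one 2048-byte read and one file write per invocation; the same call with a trailing `1` (or with security.jail.jailed=1) returns 2 and touches neither the device nor the directory, which is the behavioural difference the patch title describes.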