Subject: Re: svn commit: r274739 - head/sys/mips/conf
From: Mark R V Murray
Date: Fri, 21 Nov 2014 18:45:19 +0000
To: Ian Lepore
Cc: arch@freebsd.org, John-Mark Gurney, Adrian Chadd

> On 21 Nov 2014, at 15:16, Ian Lepore wrote:
>
>> If you can demonstrate a usable system w/o much modifications that
>> runs w/ the dummy interface, or no boot random, that I'll drop my
>> suggestion... I'll try removing random tomorrow and see what breaks...
>>
>
> If your point is that after the recent commits you can no longer do
> these things, then I guess that's kind of hard to argue with given that
> some of us have been trying to say for a couple years that if
> /dev/random starts blocking to wait for entropy at startup, existing
> *functional* small systems will stop working.

As a fair bit of the security subsystem depends on working /dev/random,
this is true.

HOWEVER - I’m most willing to entertain ideas on how to get a general
config going that disables anything that is /dev/random-dependant.
Asking the SO to break sshd(8) isn’t going to work, but enabling
(say) telnet and/or rsh in the !random(4) case could be a way to do it.

> Before those changes everything worked fine on the 90mhz 64MB arm
> systems we build products around, which have no more than a few bits of
> entropy available during the boot process, and which (I'll say it again
> even though nobody has ever paid any attention to it) don't actually
> need any entropy to come up and do what it is they are designed to do.
>
> They don't use https (a few of them don't even have network
> connections). They use ssh for its convenience (it's better than
> telnet), but NOT for security. (And really, whether that makes sense to
> you or not, "the system must be secure" is not your decision to make.)

Why not just use rsh? If the security overhead is onerous, don’t use it.

> I haven't tested a recent -current on those small systems, but we've
> already resigned ourselves to sticking with 8.x for those older boards
> just because the tide of bloat (both code and policy) is too much to
> swim against.

Yet you use ssh?

M
--
Mark R V Murray