Date: Mon, 10 Sep 2012 22:46:09 -0700
From: David O'Brien
To: Dag-Erling Smørgrav
Cc: Arthur Mesh, Ian Lepore, Doug Barton, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, RW
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Mon, Sep 10, 2012 at 04:53:34PM +0200, Dag-Erling Smørgrav wrote:
> David O'Brien writes:
> > + ( dmesg; kenv; df -ib; \
>
> None of these change much between reboots; dmesg and kenv don't change
> at all,

I know that. I mentioned some attacker scenarios in a previous email.
None of this is all that good... but at least for the attacker who does
not have a login on the system, how likely are they to be able to guess
what my kenv (and dmesg) output is? Sure the search space of all
possible outputs isn't really all that great, but these add at least
*some* effort.

By passing this output thru a cryptographic hash, we aren't overfilling
the internal yarrow seed buffers so it is OK to err on adding 1 more bit
of entropy if the output is fast to get and output.

> and neither does df unless you have /tmp and / or /var on /.

Agreed.

> > + ps -fauxrH -o nwchan,nivcsw,nvcsw,time,re,sl; \
> -f doesn't hurt but is unlikely to make any difference in the output.
> -u is overridden by -o and therefore pointless.

Please verify this claim (or have I misunderstood you?):

$ ps -fauxrH -o nwchan,nivcsw,nvcsw,time,re,sl >/tmp/1
$ ps -faxrH -o nwchan,nivcsw,nvcsw,time,re,sl >/tmp/2
$ diff -u /tmp/1 /tmp/2
--- /tmp/1 2012-09-10 22:13:56.000000000 -0700
+++ /tmp/2 2012-09-10 22:14:02.000000000 -0700
@@ -1,112 +1,112 @@
-USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND NWCHAN NIVCSW NVCSW TIME RE SL
-root 11 100.0 0.0 0 32 - RL Thu09AM 6518:01.18 [idle] - 31970908 1566173 6518:01.18 127 127
-root 11 100.0 0.0 0 32 - RL Thu09AM 6516:05.59 [idle] - 8697044 735838 6516:05.59 127 127
-root 0 0.0 0.0 0 192 - DLs Thu09AM 0:54.67 [kernel] ffffffff81288b00 103 39126 0:54.67 127 4
...
+NWCHAN NIVCSW NVCSW TIME RE SL
+- 31971474 1566182 6518:07.65 127 127
+- 8697241 735839 6516:12.08 127 127
+ffffffff81288b00 103 39127 0:54.67 127 1

In the above I am not saying anything about the usefulness of including
"-u", just that it is fully overridden by -o and thus useless.

> -r just changes the sort order, which is probably pointless.

I'm not wedded to "-r", but since you're proposing this to not use "-r",
which Ian Lepore suggested after instrumenting /etc/rc.d/initrandom and
looking at the output, please show a diff of two boots with "-r" and
without "-r" so we can see what the change really is.

> -H greatly increases the amount of data but not the entropy.

I disagree. It isn't a great amount of variance and thus
unpredictability, but it is a little bit. Have you instrumented
/etc/rc.d/initrandom and diff'ed two boots? I have.

> time, re and sl are in seconds and therefore extremely predictable.

Easy to predict, but more than zero effort.

> so:
> ps -axo nwchan,majflt,minflt,nivcsw,nvcsw

I do like adding "majflt,minflt" from what I've seen of the output.
Thus (sorting the fields):

ps -fauxrH -o majflt,minflt,nivcsw,nvcsw,nwchan,re,sl,time

--
-- David (obrien@FreeBSD.org)
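
Review bot: on the `+ ps -fauxrH -o nwchan,nivcsw,nvcsw,time,re,sl; \` line, `-u` is not a no-op next to `-o`: in the ps diff in this message the run with `-u` prints the USER through COMMAND columns in front of the `-o` columns, while the run without it prints only the six `-o` columns. Decide which input is intended and make the command say so: drop `-u` (and `-f`, if it adds nothing) when only the counters are wanted, or keep them and add a comment next to the command stating that the extra columns are deliberate.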
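
Added example, not part of the original message: one way to do the column-by-column comparison of two ps captures that the thread keeps asking for, showing which fields changed and by how much. The sample rows are the six -o columns of the three rows visible in the diff in this message (two captures a few seconds apart on one boot, not two boots); the function names are hypothetical, and fields are assumed to contain no spaces.

```python
# Added example (not from the thread): per-column comparison of two ps captures.
# Sample data: the six -o columns of the three rows shown in the message's diff.
CAPTURE_1 = """\
NWCHAN NIVCSW NVCSW TIME RE SL
- 31970908 1566173 6518:01.18 127 127
- 8697044 735838 6516:05.59 127 127
ffffffff81288b00 103 39126 0:54.67 127 4
"""
CAPTURE_2 = """\
NWCHAN NIVCSW NVCSW TIME RE SL
- 31971474 1566182 6518:07.65 127 127
- 8697241 735839 6516:12.08 127 127
ffffffff81288b00 103 39127 0:54.67 127 1
"""

def parse(capture):
    """Split a capture into (header fields, list of row field lists)."""
    lines = [ln.split() for ln in capture.strip().splitlines()]
    header, rows = lines[0], lines[1:]
    for row in rows:
        # Assumption: no column contains spaces (true for the -o fields used here).
        if len(row) != len(header):
            raise ValueError(f"row has {len(row)} fields, header has {len(header)}")
    return header, rows

def column_report(cap_a, cap_b):
    """Per column: rows whose value changed, and the largest absolute delta
    when every value in the column is a plain integer (otherwise None)."""
    head_a, rows_a = parse(cap_a)
    head_b, rows_b = parse(cap_b)
    if head_a != head_b or len(rows_a) != len(rows_b):
        raise ValueError("captures are not row-for-row comparable")
    report = {}
    for i, name in enumerate(head_a):
        pairs = [(a[i], b[i]) for a, b in zip(rows_a, rows_b)]
        changed = sum(1 for a, b in pairs if a != b)
        deltas = [abs(int(b) - int(a)) for a, b in pairs
                  if a.isdigit() and b.isdigit()]
        report[name] = {"changed": changed, "rows": len(pairs),
                        "max_delta": max(deltas) if len(deltas) == len(pairs) else None}
    return report

if __name__ == "__main__":
    for name, r in column_report(CAPTURE_1, CAPTURE_2).items():
        print(f"{name:8} changed {r['changed']}/{r['rows']}  max delta {r['max_delta']}")
```

A column that never changes, or changes only by a small amount tied to elapsed time, contributes little that an observer could not reconstruct; captures from two separate boots would go through the same function.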