Date: Fri, 21 Jul 2000 18:57:19 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Mark Murray <mark@grondar.za> Cc: David Scheidt <dscheidt@enteract.com>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <Pine.BSF.4.21.0007211855390.68809-100000@freefall.freebsd.org> In-Reply-To: <200007212002.WAA01222@grimreaper.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 21 Jul 2000, Mark Murray wrote:
> If you are worried about someone reading the disk of a rebooting box,
> then you need to be worried about console access; if your attacker has
> console, you are screwed anyway.
For most people, yes. But it's like all of the buffer overflows in
non-setuid utilities: they're not security risks for the vast majority of
users, but who's to say there won't be a situation somewhere when it is
one. Better not to take the risk, since it's not necessary here.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007211855390.68809-100000>