From: Ben Laurie
To: Mark Murray
Cc: Arthur Mesh, Ian Lepore, Doug Barton, freebsd-security@freebsd.org, RW, "Bjoern A. Zeeb"
Subject: Re: svn commit: r239569 - head/etc/rc.d
Date: Sat, 15 Sep 2012 16:10:15 +0100

On Sat, Sep 15, 2012 at 1:07 PM, Mark Murray wrote:
> Ben Laurie writes:
>> I notice that events are also discarded when the queue reaches a
>> certain length. This seems like a problem, too.
>
> Hooboy.
>
> Please go back and read this whole thread from the beginning. Attempting
> to mitigate the inevitable effects of filling the harvest queue is the
> main thrust of what I'm trying to solve.

I am not re-reading the thread! Much of it is ranting and I don't have the time or energy - plus, the thread is almost entirely about how to change inputs to deal with artefacts of the implementation. If there was discussion about the basic design, then I missed it and I'm sorry.

It seems to me that much of the problem derives from a departure from Yarrow, which does not include a queue that can be filled. The queue appears to exist because of a fear that people might abuse a direct feed into yarrow and consume too many resources.

How about this as a suggestion: have a device that does feed directly to yarrow and make it root-only. Keep the queued design for the public device. Obviously it would still be nice to try to extract as much goodness as possible from the public inputs, but it seems less critical.

BTW, my interest here is as a member of the security team and particularly as a result of https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs/ - most of the offending devices were Linux based, but it seems some of them were FreeBSD - and whilst I think we're in much better shape than Linux, I also think there's room for improvement.
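
The trade-off in the message above, as an added toy model that is not FreeBSD's code and not part of the original message: a bounded harvest queue that discards events once full, next to a direct feed that hashes every event into the pool. SHA-256 stands in for the pool's hash, and QUEUE_MAX, the class names and the event bytes are constructed assumptions.

```python
import hashlib
from collections import deque

QUEUE_MAX = 8  # constructed bound; the real harvest-queue limit is not given here

class QueuedPool:
    """Public-device model: events wait in a bounded queue for a worker."""

    def __init__(self):
        self.queue, self.dropped = deque(), 0
        self.pool = hashlib.sha256()  # stand-in for the pool's hash (assumption)

    def harvest(self, event):
        if len(self.queue) >= QUEUE_MAX:
            self.dropped += 1  # discarded: this event never reaches the pool
            return
        self.queue.append(event)

    def finish(self):
        while self.queue:  # the worker drains whatever survived
            self.pool.update(self.queue.popleft())
        return self.pool.hexdigest()

class DirectPool:
    """Root-only model: every event is hashed into the pool immediately."""

    def __init__(self):
        self.pool = hashlib.sha256()

    def harvest(self, event):
        self.pool.update(event)

    def finish(self):
        return self.pool.hexdigest()

def burst(pool, events):
    for event in events:
        pool.harvest(event)
    return pool.finish()

def compare(n_events=20):
    # Two constructed bursts that differ only after the queue has filled.
    a = [b"evt-%d" % i for i in range(n_events)]
    b = a[:QUEUE_MAX] + [b"alt-%d" % i for i in range(QUEUE_MAX, n_events)]
    qa, qb = QueuedPool(), QueuedPool()
    queued_same = burst(qa, a) == burst(qb, b)
    direct_same = burst(DirectPool(), a) == burst(DirectPool(), b)
    return queued_same, direct_same, qa.dropped
```

With the default burst of 20 events, compare() returns (True, False, 12): the queued pool ends in the same state for both bursts because the 12 differing events were dropped, while the direct pool's state depends on every event.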