Date: Tue, 15 Mar 2011 15:55:43 -0400
From: Jung-uk Kim <jkim@FreeBSD.org>
To: Maxim Dounin <mdounin@mdounin.ru>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r219672 - in head: share/man/man9 sys/i386/include
Message-ID: <201103151555.45816.jkim@FreeBSD.org>
In-Reply-To: <20110315193306.GK99496@mdounin.ru>
References: <201103151714.p2FHEQdF049456@svn.freebsd.org> <20110315193306.GK99496@mdounin.ru>

On Tuesday 15 March 2011 03:33 pm, Maxim Dounin wrote:
> Hello!
>
> On Tue, Mar 15, 2011 at 05:14:26PM +0000, Jung-uk Kim wrote:
> > Author: jkim
> > Date: Tue Mar 15 17:14:26 2011
> > New Revision: 219672
> > URL: http://svn.freebsd.org/changeset/base/219672
> >
> > Log:
> > Unconditionally use binuptime(9) for get_cyclecount(9) on i386.
> > Since this function is almost exclusively used for random
> > harvesting, there is no need for micro-optimization. Adjust the
> > manual page accordingly.
>
> Note that on early boot only the dummy timecounter is available, and
> binuptime() has no entropy.
>
> As a result of this change random(9) won't have entropy on early
> boot on i386, and arc4random(9) as well. While there are no known
> major security problems associated with it - it at least makes
> stack protector easily bypassable as it now (again after r198295)
> uses a well-known stack guard instead of a random one. And there may
> be other issues as well.
>
> Hope you thought well before moving i386 to a set of platforms
> which have no early boot randomness at all. And you have good
> reason for doing it.

Hmm... Is bintime(9) good enough for you then?

Jung-uk Kim