Date: Sun, 24 Jul 2005 15:57:38 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Colin Percival <cperciva@freebsd.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, "Andrey A. Chernov" <ache@FreeBSD.org>, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/games/fortune/fortune fortune.c Message-ID: <20050724135738.GM46538@darkness.comp.waw.pl> In-Reply-To: <42E337A6.8060206@freebsd.org> References: <200507231824.j6NIOl6v034122@repoman.freebsd.org> <42E337A6.8060206@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--EUKSLY24k2f/9z8U Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jul 23, 2005 at 11:39:34PM -0700, Colin Percival wrote: +> Andrey A. Chernov wrote: +> > FreeBSD src repository +> >=20 +> > Modified files: +> > games/fortune/fortune fortune.c=20 +> > Log: +> > My change, namely srandomdev() addition, was backed out even without +> > discussing with me, and I obviously disagree seeing that afterwards +> > (srandomdev() back out not fix any thing, it can only mask the probl= em). +> > =20 +> > So, back out the back out and return srandomdev(). +>=20 +> Approved by: security-officer (cperciva) +>=20 +> Any change which helps to make a security problem obvious is a good thin= g, and +> a commit which (like revision 1.28) simply hides a security problem from= users +> is Not Desired. We should probably test entropy quality on boot. I've somewhere userland version of /sys/dev/rndtest/ which implements FIPS140-2 tests for (P)RNGs. We can use put it into rc.d/ and warn users. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --EUKSLY24k2f/9z8U Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFC455SForvXbEpPzQRAqowAJ43wKFnHiS+bstpGSASafDtv869QwCffv+7 ng3ntPVPFdFdEqIvF2iXGYY= =zOQ9 -----END PGP SIGNATURE----- --EUKSLY24k2f/9z8U--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050724135738.GM46538>