From owner-cvs-src@FreeBSD.ORG Sun Jul 24 13:57:41 2005 Return-Path: X-Original-To: cvs-src@FreeBSD.org Delivered-To: cvs-src@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3268016A41F; Sun, 24 Jul 2005 13:57:41 +0000 (GMT) (envelope-from pjd@darkness.comp.waw.pl) Received: from darkness.comp.waw.pl (darkness.comp.waw.pl [195.117.238.136]) by mx1.FreeBSD.org (Postfix) with ESMTP id A1B2343D55; Sun, 24 Jul 2005 13:57:40 +0000 (GMT) (envelope-from pjd@darkness.comp.waw.pl) Received: by darkness.comp.waw.pl (Postfix, from userid 1009) id 6D853ACAF4; Sun, 24 Jul 2005 15:57:38 +0200 (CEST) Date: Sun, 24 Jul 2005 15:57:38 +0200 From: Pawel Jakub Dawidek To: Colin Percival Message-ID: <20050724135738.GM46538@darkness.comp.waw.pl> References: <200507231824.j6NIOl6v034122@repoman.freebsd.org> <42E337A6.8060206@freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="EUKSLY24k2f/9z8U" Content-Disposition: inline In-Reply-To: <42E337A6.8060206@freebsd.org> User-Agent: Mutt/1.4.2i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 5.2.1-RC2 i386 Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, "Andrey A. Chernov" , cvs-all@FreeBSD.org Subject: Re: cvs commit: src/games/fortune/fortune fortune.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jul 2005 13:57:41 -0000 --EUKSLY24k2f/9z8U Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jul 23, 2005 at 11:39:34PM -0700, Colin Percival wrote: +> Andrey A. Chernov wrote: +> > FreeBSD src repository +> >=20 +> > Modified files: +> > games/fortune/fortune fortune.c=20 +> > Log: +> > My change, namely srandomdev() addition, was backed out even without +> > discussing with me, and I obviously disagree seeing that afterwards +> > (srandomdev() back out not fix any thing, it can only mask the probl= em). +> > =20 +> > So, back out the back out and return srandomdev(). +>=20 +> Approved by: security-officer (cperciva) +>=20 +> Any change which helps to make a security problem obvious is a good thin= g, and +> a commit which (like revision 1.28) simply hides a security problem from= users +> is Not Desired. We should probably test entropy quality on boot. I've somewhere userland version of /sys/dev/rndtest/ which implements FIPS140-2 tests for (P)RNGs. We can use put it into rc.d/ and warn users. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --EUKSLY24k2f/9z8U Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFC455SForvXbEpPzQRAqowAJ43wKFnHiS+bstpGSASafDtv869QwCffv+7 ng3ntPVPFdFdEqIvF2iXGYY= =zOQ9 -----END PGP SIGNATURE----- --EUKSLY24k2f/9z8U--