From: "Ted Mittelstaedt"
To: "Kris Kennaway"
cc: Rob
cc: FreeBSD questions
Date: Mon, 28 Feb 2005 04:11:24 -0800
In-Reply-To: <20050228105750.GB15381@xor.obsecurity.org>
Subject: RE: /dev/io , /dev/mem : only used by Xorg?

> -----Original Message-----
> From: Kris Kennaway [mailto:kris@obsecurity.org]
> Sent: Monday, February 28, 2005 2:58 AM
> To: Ted Mittelstaedt
> Cc: Rob; FreeBSD questions
> Subject: Re: /dev/io , /dev/mem : only used by Xorg?
>
>
> On Mon, Feb 28, 2005 at 01:32:26AM -0800, Ted Mittelstaedt wrote:
> > > Instead, they are part of the kernel itself.
> >
> > All the /dev files are, /dev/random, /dev/ad0 and so on, are simple
> > files that take up only a few bytes of space. They are convenient
> > "hook points" to use to get to these devices. That is, when a program
> > accesses /dev/random, it isn't actually opening that file. Instead,
> > the kernel intercepts that call and supplies the program opening
> > that device with the output of the actual device.
> >
> > This is why these device files are created with the mknod utility,
> > rather than just copying a file to /dev/random - since doing that is
> > accessing the device, not creating the device file.
> >
> > So, deleting these /dev devices saves you practically no space at
> > all, and does not in fact delete the devices - it only deletes the
> > access point to them. The devices are still there in the kernel.
>
> No, in 5.x the device nodes are created automatically by devfs and
> only appear in /dev by default if support is enabled in the kernel.

Ah, yes I wasn't paying attention, he did say 5. I stopped paying
attention after reading that he was wanting to remove /dev/random.

> As the original poster discussed, /dev/io, /dev/mem and /dev/random
> are optional components of the 5.x kernel, although as I replied, the
> situations in which one would not want to include them are limited.
>

Actually, recompiling openssl to use a prng daemon instead of the
random device will probably improve your ssh security - unless they
have greatly improved the entropy generation in the random device in
5.X

Ted