Date: Mon, 28 Feb 2005 04:40:23 -0800
From: "Loren M. Lang"
To: Ted Mittelstaedt
Cc: Rob, FreeBSD questions, Kris Kennaway
Subject: Re: /dev/io , /dev/mem : only used by Xorg?
Message-ID: <20050228124023.GH1672@alzatex.com>
References: <20050228105750.GB15381@xor.obsecurity.org>

On Mon, Feb 28, 2005 at 04:11:24AM -0800, Ted Mittelstaedt wrote:
>
> > -----Original Message-----
> > From: Kris Kennaway [mailto:kris@obsecurity.org]
> > Sent: Monday, February 28, 2005 2:58 AM
> > To: Ted Mittelstaedt
> > Cc: Rob; FreeBSD questions
> > Subject: Re: /dev/io , /dev/mem : only used by Xorg?
> >
> > On Mon, Feb 28, 2005 at 01:32:26AM -0800, Ted Mittelstaedt wrote:
> >
> > > Instead, they are part of the kernel itself.
> > >
> > > All the /dev files, /dev/random, /dev/ad0 and so on, are simple
> > > files that take up only a few bytes of space. They are convenient
> > > "hook points" to use to get to these devices. That is, when a program
> > > accesses /dev/random, it isn't actually opening that file. Instead,
> > > the kernel intercepts that call and supplies the program opening
> > > that device with the output of the actual device.
> > >
> > > This is why these device files are created with the mknod utility,
> > > rather than just copying a file to /dev/random - since doing that is
> > > accessing the device, not creating the device file.
> > >
> > > So, deleting these /dev devices saves you practically no space at
> > > all, and does not in fact delete the devices - it only deletes the
> > > access point to them. The devices are still there in the kernel.
> >
> > No, in 5.x the device nodes are created automatically by devfs and
> > only appear in /dev by default if support is enabled in the kernel.
>
> Ah, yes I wasn't paying attention, he did say 5. I stopped paying attention
> after reading that he was wanting to remove /dev/random.
>
> > As the original poster discussed, /dev/io, /dev/mem and /dev/random
> > are optional components of the 5.x kernel, although as I replied, the
> > situations in which one would not want to include them are limited.
>
> Actually, recompiling openssl to use a prng daemon instead of the random device
> will probably improve your ssh security - unless they have greatly
> improved the entropy generation in the random device in 5.X

Is the /dev/random on FreeBSD really this bad? I thought it should be
better since it can gather entropy from all over the kernel like
interrupts. I'm pretty sure I read that Linux's /dev/random was far
superior to prng and I'd expect FreeBSD to be the same unless someone
was lazy in implementing it or there is some major security hole in it.

>
> Ted

-- 
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C
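
An added example, not part of the original thread: a small POSIX C audit of the device nodes the thread names. It inspects each node's inode without opening the device, prints its type, device number, size and mode, and flags /dev/io or /dev/mem when users outside the owner and group can read or write them. The function names and the choice of which nodes count as sensitive are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

enum node_kind { NODE_MISSING, NODE_CHARDEV, NODE_OTHER, NODE_ERROR };

/* Classify a path from its inode only. lstat() does not open the node,
 * so no driver code behind it runs and symlinks are not followed. */
enum node_kind classify_node(const char *path, struct stat *st)
{
    if (lstat(path, st) != 0)
        return errno == ENOENT ? NODE_MISSING : NODE_ERROR;
    return S_ISCHR(st->st_mode) ? NODE_CHARDEV : NODE_OTHER;
}

/* Non-zero when users outside owner and group may read or write. */
int world_accessible(mode_t mode)
{
    return (mode & (S_IROTH | S_IWOTH)) != 0;
}

/* Print one audit line; return 1 if the node deserves a closer look. */
int audit_node(const char *path, int sensitive)
{
    struct stat st;
    switch (classify_node(path, &st)) {
    case NODE_MISSING: printf("%-12s absent\n", path); return 0;
    case NODE_ERROR:   printf("%-12s %s\n", path, strerror(errno)); return 0;
    case NODE_OTHER:   printf("%-12s FINDING: not a character device\n", path); return 1;
    default: break;
    }
    printf("%-12s chardev rdev=%#lx size=%lld mode=%04o uid=%u\n", path,
           (unsigned long)st.st_rdev, (long long)st.st_size,
           (unsigned)(st.st_mode & 07777), (unsigned)st.st_uid);
    if (sensitive && world_accessible(st.st_mode)) {
        printf("%-12s FINDING: readable or writable by other users\n", path);
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Paths from the thread; sensitive=1 marks raw memory and I/O port access. */
    int findings = audit_node("/dev/io", 1) + audit_node("/dev/mem", 1)
                 + audit_node("/dev/random", 0);
    return findings ? 1 : 0;
}
```

An "absent" line means only that the access point is missing from /dev; it says nothing about whether the driver is compiled into the kernel.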