Date:      Tue, 04 Sep 2012 15:39:34 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        obrien@freebsd.org
Cc:        Arthur Mesh <arthurmesh@gmail.com>, freebsd-security@FreeBSD.org, freebsd-rc@FreeBSD.org, Mark Murray <markm@FreeBSD.org>
Subject:   Re: svn commit: r239598 - head/etc/rc.d
Message-ID:  <50468326.8070009@FreeBSD.org>
In-Reply-To: <20120904220126.GA85339@dragon.NUXI.org>
References:  <201208222337.q7MNbORo017642@svn.freebsd.org> <5043E449.8050005@FreeBSD.org> <20120904220126.GA85339@dragon.NUXI.org>

On 09/04/2012 03:01 PM, David O'Brien wrote:
> On Sun, Sep 02, 2012 at 03:57:13PM -0700, Doug Barton wrote:
>> On 08/22/2012 16:37, David E. O'Brien wrote:
>>> Author: obrien
>>> Date: Wed Aug 22 23:37:24 2012
>>> New Revision: 239598
>>> URL: http://svn.freebsd.org/changeset/base/239598
>>>
>>> Log:
>>>   * Reinstate r128059's consumption of our best entropy first.
>>>     r128060 for "hardware-supplied entropy" reversed this without reason,
>>>     seems a typo.
>>
>> I object to this change as well, although mostly for sentimental
>> reasons. :)
> 
> 
> Hi Doug,
> Hope you had a good Labor Day Holiday.
> 
> I'm sorry I didn't see your messages before I committed another change to
> this file (r240108). 

Yes, me too. :)

> I had it ready to commit last Thursday night, but
> didn't want to commit it before being AFK over the holiday.

That much is appreciated.

Regarding your changes in r240108:

1. Adding kenv to the mix is probably a good idea, however the output of
the ps command won't be the same both times it is run, which is why it
was in there twice. I'll have to give the kenv output a look. I would
also like to confirm that it's available on all platforms.

2. I'm not sure I like the change from cat'ing /bin/ls to the hash of
the kern.bootfile output. Given that most users stick with the GENERIC
kernel or the same custom kernel on multiple machines, I'm not confident
that there will be a statistically significant difference in the amount
of entropy between the 2, and given what Yarrow does to obfuscate the
internal entropy state I'm not confident that hashing the input is
either necessary or desirable.

3. Given that we're running the same set of commands at each boot, it's
not clear to me how changing the order helps, but I don't necessarily
disagree with that change.

>> It's also dubious whether the static /entropy file is
>> really the "best" option at that point, since the "better than nothing"
>> entropy at least contains some elements that have the potential to be
>> different at boot time.
> 
> I may be misreading.  Are you suggesting you don't have much faith that
> there is a good amount of entropy in the saved "/entropy" as produced by
> /dev/random?

I clarified this in subsequent parts of the thread; if I need to clarify
further after you have caught up, don't hesitate to let me know.

>>>   * Isolate "better than nothing" implementation to a function.
>>
>> We generally don't extract code that's only run once into a function,
>> and my stylistic preference is that we do not do that.
> 
> I'll go thru your messages and take a look at your diff.

Thanks. In case it's not clear, please hold off on any further changes
until we have a better consensus on what the changes should be.

> I think what I committed is a better abstraction.
> I think the name of the function helps drive the point that that entropy
> gathering isn't all that good, and makes reading the logic flow of the
> code easier to read.

I disagree on all points, sorry. But at this time the function is the
least of my worries. :)

Doug
