From: "Andrew Reilly"
Date: Fri, 12 Jan 2001 09:22:50 +1100
To: Mark Murray
Cc: Matt Dillon, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh

On Thu, Jan 11, 2001 at 10:33:53PM +0200, Mark Murray wrote:
> > I'm going to be blunt: Hell will freeze over before I allow the
> > entropy file to be placed in /. It makes absolutely no sense
> > whatsoever to break our ability to mount a read-only / just
> > because nobody is willing to do some minor shifting of things
> > in /etc/rc. We have a directory for variable data, it's called
> > /var. We have a directory for persistent state files, it's called
> > /var/db. They must be used, ESPECIALLY for something like this.
>
> You can help here; if we can get a guaranteed mount (for all possible
> types of mount) of /var, then I'll agree with you. Remember that this
> must potentially happen _before_ the random device is reseeded.

Why? Can't you reseed the random device multiple times, as more
entropy becomes available? Sure, random() calls before then
might be more "crackable", but it doesn't sound as though that's
a serious problem.

-- 
Andrew