From owner-cvs-all Thu Jan 11 17:31:50 2001
Delivered-To: cvs-all@freebsd.org
Received: from earth.backplane.com (placeholder-dcat-1076843399.broadbandoffice.net [64.47.83.135])
	by hub.freebsd.org (Postfix) with ESMTP id 72F1737B400;
	Thu, 11 Jan 2001 17:31:30 -0800 (PST)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.1/8.9.3) id f0C1VK980630;
	Thu, 11 Jan 2001 17:31:20 -0800 (PST)
	(envelope-from dillon)
Date: Thu, 11 Jan 2001 17:31:20 -0800 (PST)
From: Matt Dillon
Message-Id: <200101120131.f0C1VK980630@earth.backplane.com>
To: Warner Losh
Cc: Jordan Hubbard, Sheldon Hearn, obrien@FreeBSD.ORG, Doug Barton, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh
References: <19283.979245383@winston.osd.bsdi.com> <200101112222.f0BMMNs75120@harmony.village.org>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:I'm still not sure why we can't do something like:
:
:	date > /dev/random
:	cat /bin/ls > /dev/random
:	fsck
:	mount the file systems
:	read in the entropy file
:
:Eg, toss some bone to the random pool.  Sure, it will be highly
:predictable, but for the mount commands it doesn't matter.  We fix
:before anything interesting happens.
:
:Warner

    I like this idea better than 'fixing' mount_mfs.  There is nothing
    preventing one from including a number of sources... still predictable,
    but not really by an outside attacker and quite reasonable for
    filesystem mounting.

	date
	dmesg
	ls -lua /
	df -i /

    Stick with 'safe' programs that reside in /bin and /sbin... those not
    dependent on kvm or system structure sizes.  Then we don't have to
    worry about special casing any codebases in the tree.

					-Matt
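
The early-boot seeding discussed in this message, written out as an added sh example (not part of the original mail and not FreeBSD's rc code). SEED_SINK and the function names find_safe, feed_source and early_seed are assumptions of this sketch; the input stays predictable, as the message says, and only bridges the gap until the saved entropy file is read.

```shell
#!/bin/sh
# Added example: stir the output of a few 'safe' programs into the random
# device before fsck and mount run. Not a replacement for the entropy file.

# Assumption: the sink is overridable so the logic can be exercised on a file.
SEED_SINK="${SEED_SINK:-/dev/random}"

# Resolve a program only from /bin or /sbin, per the message's advice to
# avoid anything that depends on kvm or system structure sizes.
find_safe() {
    for dir in /bin /sbin; do
        if [ -x "$dir/$1" ]; then
            echo "$dir/$1"
            return 0
        fi
    done
    return 1
}

# Run one source and append its output to the sink. A missing or failing
# program is reported to the caller and skipped, so boot never depends on it.
feed_source() {
    prog=$(find_safe "$1") || return 1
    shift
    "$prog" "$@" 2>/dev/null >> "$SEED_SINK" || return 1
}

# Feed every source listed in the message; print how many succeeded.
early_seed() {
    fed=0
    feed_source date && fed=$((fed + 1))
    feed_source dmesg && fed=$((fed + 1))
    feed_source ls -lua / && fed=$((fed + 1))
    feed_source df -i / && fed=$((fed + 1))
    echo "$fed"
}
```

In a boot script, early_seed would be called once before fsck and the mount step, with the saved entropy file read in afterwards.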