Date: Thu, 11 Jan 2001 17:31:20 -0800 (PST)
From: Matt Dillon <dillon@earth.backplane.com>
To: Warner Losh <imp@harmony.village.org>
Cc: Jordan Hubbard <jkh@winston.osd.bsdi.com>, Sheldon Hearn <sheldonh@uunet.co.za>, obrien@FreeBSD.ORG, Doug Barton <dougb@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh
Message-ID: <200101120131.f0C1VK980630@earth.backplane.com>
References: <19283.979245383@winston.osd.bsdi.com> <200101112222.f0BMMNs75120@harmony.village.org>
:I'm still not sure why we can't do something like:
:
: date > /dev/random
: cat /bin/ls > /dev/random
: fsck
: mount the file systems
: read in the entropy file
:
:Eg, toss some bone to the random pool. Sure, it will be highly
:predictable, but for the mount commands it doesn't matter. We fix
:before anything interesting happens.
:
:Warner
I like this idea better than 'fixing' mount_mfs. There is nothing
preventing one from including a number of sources... still predictable,
but not really by an outside attacker and quite reasonable for filesystem
mounting.

    date
    dmesg
    ls -lua /
    df -i /

Stick with 'safe' programs that reside in /bin and /sbin... those not
dependent on kvm or system structure sizes.

Then we don't have to worry about special casing any codebases in the
tree.

-Matt
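The two-stage seeding order discussed in this thread, as an added example that is not part of the original e-mail or of FreeBSD's rc scripts. The function names and the sink and file arguments are hypothetical; the sink defaults to /dev/random but can be an ordinary file so the behaviour can be inspected without touching the device.

```shell
#!/bin/sh
# Added illustration; not FreeBSD's rc code. All function names are hypothetical.

# Resolve a command only from /bin or /sbin (the 'safe' set named in the
# mail), so nothing from a not-yet-mounted /usr is required.
find_safe() {
    for dir in /bin /sbin; do
        if [ -x "$dir/$1" ]; then
            echo "$dir/$1"
            return 0
        fi
    done
    return 1
}

# Append one command's output to the sink. A missing or failing source
# is reported through the return status and is never fatal to the boot.
feed() {
    sink=$1; shift
    bin=$(find_safe "$1") || return 1
    shift
    "$bin" "$@" >> "$sink" 2>/dev/null
}

# Stage 1: run before fsck and mount. Prints how many sources were fed.
# This material is predictable; it only has to be adequate for mounting.
seed_early() {
    sink=${1:-/dev/random}
    fed=0
    if feed "$sink" date; then fed=$((fed + 1)); fi
    if feed "$sink" dmesg; then fed=$((fed + 1)); fi
    if feed "$sink" ls -lua /; then fed=$((fed + 1)); fi
    if feed "$sink" df -i /; then fed=$((fed + 1)); fi
    echo "$fed"
}

# Stage 2: once the file systems are mounted, add the saved entropy file.
seed_saved() {
    sink=$1; file=$2
    [ -r "$file" ] || return 1
    cat "$file" >> "$sink"
}
```
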
