Date:      Mon, 28 Feb 2005 04:11:24 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Kris Kennaway" <kris@obsecurity.org>
Cc:        FreeBSD questions <freebsd-questions@freebsd.org>
Subject:   RE: /dev/io , /dev/mem : only used by Xorg?
Message-ID:  <LOBBIFDAGNMAMLGJJCKNEEJBFAAA.tedm@toybox.placo.com>
In-Reply-To: <20050228105750.GB15381@xor.obsecurity.org>



> -----Original Message-----
> From: Kris Kennaway [mailto:kris@obsecurity.org]
> Sent: Monday, February 28, 2005 2:58 AM
> To: Ted Mittelstaedt
> Cc: Rob; FreeBSD questions
> Subject: Re: /dev/io , /dev/mem : only used by Xorg?
>
>
> On Mon, Feb 28, 2005 at 01:32:26AM -0800, Ted Mittelstaedt wrote:
>
> > Instead, they are part of the kernel itself.
> >
> > All the /dev files are, /dev/random, /dev/ad0 and so on, are simple
> > files that take up only a few bytes of space.  They are convenient
> > "hook points" to use to get to these devices.  That is, when a program
> > accesses /dev/random, it isn't actually opening that file.  Instead,
> > the kernel intercepts that call and supplies the program opening
> > that device with the output of the actual device.
> >
> > This is why these device files are created with the mknod utility,
> > rather than just copying a file to /dev/random - since doing that is
> > accessing the device, not creating the device file.
> >
> > So, deleting these /dev devices saves you practically no space at
> > all, and does not in fact delete the devices - it only deletes the
> > access point to them.  The devices are still there in the kernel.
>
> No, in 5.x the device nodes are created automatically by devfs and
> only appear in /dev by default if support is enabled in the kernel.

Ah, yes I wasn't paying attention, he did say 5.  I stopped paying attention
after reading that he was wanting to remove /dev/random.

> As the original poster discussed, /dev/io, /dev/mem and /dev/random
> are optional components of the 5.x kernel, although as I replied, the
> situations in which one would not want to include them are limited.
>

Actually, recompiling openssl to use a prng daemon instead of the random device
will probably improve your ssh security - unless they have greatly
improved the entropy generation in the random device in 5.X.

Ted


