Date: Wed, 25 Dec 2013 22:50:00 +0000 From: RW <rwmaillists@googlemail.com> To: freebsd-security@freebsd.org Subject: Re: [PATCH RFC] Disable save-entropy in jails Message-ID: <20131225225000.0c9ad452@gumby.homeunix.com> In-Reply-To: <20131225212338.GA2679@garage.freebsd.pl> References: <52B9F232.1090002@delphij.net> <20131225212338.GA2679@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 25 Dec 2013 22:24:27 +0100 Pawel Jakub Dawidek wrote: > We could do the same for save-entropy. It would be even nicer to have > some flag so that even sysctl(8) is not executed. The only security consideration here is that a bug in that conditional test might prevent entropy being saved. The benefit is saving a few KBs of disk space and a few cpu cycles a few times an hour. Tiny risk, even tinier benefit IMO.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131225225000.0c9ad452>