Date: Fri, 12 Jan 2001 09:22:50 +1100 From: "Andrew Reilly" <areilly@bigpond.net.au> To: Mark Murray <mark@grondar.za> Cc: Matt Dillon <dillon@earth.backplane.com>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist src/libexec Makefile src/libexec/save-entropy Makefile save-entropy.sh Message-ID: <20010112092249.A42857@gurney.reilly.home> In-Reply-To: <200101112033.f0BKXtI10390@gratis.grondar.za>; from mark@grondar.za on Thu, Jan 11, 2001 at 10:33:53PM %2B0200 References: <200101111901.f0BJ1jU72510@earth.backplane.com> <200101112033.f0BKXtI10390@gratis.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 11, 2001 at 10:33:53PM +0200, Mark Murray wrote: > > I'm going to be blunt: Hell will freeze over before I allow the > > entropy file to be placed in /. It makes absolutely no sense > > whatsoever to break our ability to mount a read-only / just > > because nobody is willing to do some minor shifting of things > > in /etc/rc. We have a directory for variable data, it's called > > /var. We have a directory for persistent state files, it's called > > /var/db. They must be used, ESPECIALLY for something like this. > > You can help here; if we can get a guaranteed mount (for all possible > types of mount) of /var, then I'll agree with you. Remember that this > must potentially happen _before_ the random device is reseeded. Why? Can't you reseed the random device multiple times, as more entropy becomes available? Sure, random() calls before then might be more "crackable", but it doesn't sound as though that's a serious problem. -- Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010112092249.A42857>