Date: Wed, 14 Apr 2004 13:43:30 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.ORG> To: masta <diz@linuxpowered.com> Cc: freebsd-current@FreeBSD.ORG Subject: Re: dev/random Message-ID: <Pine.NEB.3.96L.1040414134217.70783D-100000@fledge.watson.org> In-Reply-To: <407D76F2.3020202@linuxpowered.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 14 Apr 2004, masta wrote: > >>Anyway, in the circumstances pertaining to this thread, aren't we > >>talking about diskless clients in a university lab, and an > >>access-controlled fileserver locked away in a rack somewhere which has > >>the disks? > >> > > > >I have to say that if you're loading your kernel out of TFTP, and your > >root file system is running out of NFS, the chances are you won't mind > >loading /entropy out of NFS. > > > Why? We got a NFSv4 client in base. > Not that this is a highly-likely situation today, I'm just saying anyways. What I'm saying is: DHCP is pretty insecure against local area attacks, as is TFTP, so concerns about storing security-related state in NFS for such systems probably aren't such a big deal. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Senior Research Scientist, McAfee Research
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040414134217.70783D-100000>