Date: Thu, 06 Sep 2012 21:19:41 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: obrien@freebsd.org Cc: Arthur Mesh <arthurmesh@gmail.com>, freebsd-security@FreeBSD.org, Doug Barton <dougb@FreeBSD.org>, freebsd-rc@FreeBSD.org, Mark Murray <markm@FreeBSD.org> Subject: Re: svn commit: r239598 - head/etc/rc.d Message-ID: <86lignot6a.fsf@ds4.des.no> In-Reply-To: <20120906184400.GF13179@dragon.NUXI.org> (David O'Brien's message of "Thu, 6 Sep 2012 11:44:00 -0700") References: <201208222337.q7MNbORo017642@svn.freebsd.org> <5043E449.8050005@FreeBSD.org> <20120904220126.GA85339@dragon.NUXI.org> <50468326.8070009@FreeBSD.org> <20120906164514.GA14757@dragon.NUXI.org> <867gs7qcsl.fsf@ds4.des.no> <20120906184400.GF13179@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help
David O'Brien <obrien@FreeBSD.org> writes:
> Dag-Erling Sm=C3=B8rgrav <des@des.no> writes:
> > However, it does not vary from one boot to another, or even from one
> > machine to another if they run the same FreeBSD version with the same
> > device.hints and loader.conf on the same hardware configuration.
> ... and same BIOS version.
>
> I found on some Dell desktops and HP servers I looked at that the
> 'hint.acpi.0' MIB could vary depending on BIOS version, and 'smbios'
> MIB did vary between systems.
kenv(1) on the machine I'm typing this on produces 2128 bytes, less than
1% of which will vary between machines with the same motherboard. The
UUID is all-zeroes except for the lower 48 bits, which are identical to
the on-board NIC's MAC address. The BIOS version consists of two
characters ("F8") and a release date ("01/08/2007"). If the attacker
knows what motherboard I have, he can easily figure out the handful of
possible BIOS revisions and release dates, and the first 24 bits of the
MAC address (00:16:e6). The amount of installed memory may vary, but it
is extremely likely to be the product of 1048576 and a smallish power of
two (4, in this case).
> I'm not saying 'kenv' is perfect, but it was something I found in
> /[s]bin that varied between systems so it was a good replacement for
> one of the 'ps' runs.
...except ps(1) varies between reboots and over time, especially if you
include fields like majflt, minflt, nivcsw and nvcsw, and to a lesser
extent systime and usertime (it would help if they had greater
resolution); whereas kenv(1) does not and can be identical or nearly so
on multiple machines.
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86lignot6a.fsf>