From owner-freebsd-current@FreeBSD.ORG  Mon Nov 14 23:08:57 2011
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 093351065670;
	Mon, 14 Nov 2011 23:08:57 +0000 (UTC) (envelope-from das@freebsd.org)
Received: from zim.MIT.EDU (ZIM.MIT.EDU [18.95.3.101])
	by mx1.freebsd.org (Postfix) with ESMTP id C1B958FC0A;
	Mon, 14 Nov 2011 23:08:56 +0000 (UTC)
Received: from zim.MIT.EDU (localhost [127.0.0.1])
	by zim.MIT.EDU (8.14.5/8.14.2) with ESMTP id pAEN8tZe059746;
	Mon, 14 Nov 2011 18:08:55 -0500 (EST) (envelope-from das@freebsd.org)
Received: (from das@localhost)
	by zim.MIT.EDU (8.14.5/8.14.2/Submit) id pAEN8t6h059745;
	Mon, 14 Nov 2011 18:08:55 -0500 (EST) (envelope-from das@freebsd.org)
Date: Mon, 14 Nov 2011 18:08:55 -0500
From: David Schultz <das@freebsd.org>
To: Andrey Chernov <ache@freebsd.org>, current@freebsd.org, secteam@freebsd.org
Message-ID: <20111114230855.GA59545@zim.MIT.EDU>
Mail-Followup-To: Andrey Chernov <ache@freebsd.org>, current@freebsd.org,
	secteam@freebsd.org
References: <20080916140319.GA34447@nagual.pp.ru>
	<20080916201932.GA59781@zim.MIT.EDU>
	<20111112102241.GA75396@vniz.net>
	<20111112154135.GA21512@zim.MIT.EDU>
	<20111112171531.GA83419@vniz.net>
	<20111114013004.GA53392@zim.MIT.EDU>
	<20111114192721.GA16834@vniz.net>
	<20111114205855.GB58790@zim.MIT.EDU>
	<20111114212926.GA28783@vniz.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20111114212926.GA28783@vniz.net>
Cc: 
Subject: Re: Is fork() hook ever possible?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2011 23:08:57 -0000

On Tue, Nov 15, 2011, Andrey Chernov wrote:
> On Mon, Nov 14, 2011 at 03:58:55PM -0500, David Schultz wrote:
> > On Mon, Nov 14, 2011, Andrey Chernov wrote:
> > > 1) We should use 
> > > 	mib[0] = CTL_KERN;
> > > 	mib[1] = KERN_ARND;
> > > 
> > > 	len = sizeof(rnd);
> > > 	sysctl(mib, 2, rnd, &len, NULL, 0);
> > > here instead of /dev/random, like OpenBSD did. It helps jails, and 
> > > re-stearing not happens too often in anycase. Obviously it minimizes 
> > > OpenBSD diffs too.
> > 
> > Yes, that was in my list of suggested follow-on work, but I don't
> > have time for it right now.
> 
> I can add this to your patch, we have the same semantics here as OpenBSD, 
> so there will be no surprizes.

Not quite.  OpenBSD's implementation is more careful.  I just
noticed a funny thing about FreeBSD's KERN_ARND sysctl: If the
random device isn't (or can't be) loaded, KERN_ARND silently
decides to initialize itself with the output of random().  This
means that whatever minuscule amount of entropy it might have
picked up from the clock is reduced to a maximum of 31 bits.
That's a fantastic way to provide a false sense of security...