From owner-freebsd-security@FreeBSD.ORG  Fri Sep 14 19:25:08 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CE6FD1065679
	for <freebsd-security@freebsd.org>;
	Fri, 14 Sep 2012 19:25:08 +0000 (UTC)
	(envelope-from markm@FreeBSD.org)
Received: from gromit.grondar.org (grandfather.grondar.org
	[IPv6:2a01:348:0:15:5d59:5c20:0:2])
	by mx1.freebsd.org (Postfix) with ESMTP id 7D88D8FC19
	for <freebsd-security@freebsd.org>;
	Fri, 14 Sep 2012 19:25:08 +0000 (UTC)
Received: from uucp by gromit.grondar.org with local-rmail (Exim 4.77
	(FreeBSD)) (envelope-from <markm@FreeBSD.org>) id 1TCbVj-0004vy-Ml
	for freebsd-security@freebsd.org; Fri, 14 Sep 2012 20:25:07 +0100
Received: from localhost ([127.0.0.1] helo=groundzero.grondar.org)
	by groundzero.grondar.org with esmtp (Exim 4.77 (FreeBSD))
	(envelope-from <markm@FreeBSD.org>)
	id 1TCbSz-0007CJ-BI; Fri, 14 Sep 2012 20:22:17 +0100
To: Ben Laurie <benl@freebsd.org>
In-reply-to: <CAG5KPzzRxzVX-+9fYjRdqjY-wScbM6AA7GYtLmktgMG0Zg8iyQ@mail.gmail.com>
References: <50453686.9090100@FreeBSD.org>
	<20120911082309.GD72584@dragon.NUXI.org>
	<504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org>
	<5050F477.8060409@FreeBSD.org> <20120912213141.GI14077@x96.org>
	<20120913052431.GA15052@dragon.NUXI.org>
	<alpine.BSF.2.00.1209131258210.13080@ai.fobar.qr>
	<alpine.BSF.2.00.1209141336170.13080@ai.fobar.qr>
	<E1TCXN0-000NFT-7I@groundzero.grondar.org>
	<CAG5KPzwOdCkybj3D5uic1KC-pwW-pewgsrqrXg60f5SJjtzYPw@mail.gmail.com>
	<E1TCbDG-0002Hz-9D@groundzero.grondar.org>
	<CAG5KPzzRxzVX-+9fYjRdqjY-wScbM6AA7GYtLmktgMG0Zg8iyQ@mail.gmail.com>
From: Mark Murray <markm@FreeBSD.org>
Date: Fri, 14 Sep 2012 20:22:17 +0100
Message-Id: <E1TCbSz-0007CJ-BI@groundzero.grondar.org>
Cc: Arthur Mesh <arthurmesh@gmail.com>,
	Ian Lepore <freebsd@damnhippie.dyndns.org>,
	Doug Barton <dougb@freebsd.org>, freebsd-security@freebsd.org,
	RW <rwmaillists@googlemail.com>, "Bjoern A. Zeeb" <bz@freebsd.org>
Subject: Re: svn commit: r239569 - head/etc/rc.d
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Sep 2012 19:25:08 -0000

Ben Laurie writes:
> > What??! Have you seen how Yarrow does its harvesting??
> 
> If you XOR into the as-yet-unharvested buffer, then appropriately
> aligned repeated input makes the buffer zero.

There is an "if" and an "appropriately" in there. The entropy is
estimated as Zero anyway, in spite of getting "free" TSC jitter, and if
this is an attack, the system is screwed to begin with.

M
--
Mark R V Murray
Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open)
Pi: 132511160