Date:      Tue, 15 Mar 2011 16:31:31 -0400
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        Maxim Dounin <mdounin@mdounin.ru>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r219672 - in head: share/man/man9 sys/i386/include
Message-ID:  <201103151631.34418.jkim@FreeBSD.org>
In-Reply-To: <201103151555.45816.jkim@FreeBSD.org>
References:  <201103151714.p2FHEQdF049456@svn.freebsd.org> <20110315193306.GK99496@mdounin.ru> <201103151555.45816.jkim@FreeBSD.org>

On Tuesday 15 March 2011 03:55 pm, Jung-uk Kim wrote:
> On Tuesday 15 March 2011 03:33 pm, Maxim Dounin wrote:
> > Hello!
> >
> > On Tue, Mar 15, 2011 at 05:14:26PM +0000, Jung-uk Kim wrote:
> > > Author: jkim
> > > Date: Tue Mar 15 17:14:26 2011
> > > New Revision: 219672
> > > URL: http://svn.freebsd.org/changeset/base/219672
> > >
> > > Log:
> > >   Unconditionally use binuptime(9) for get_cyclecount(9) on
> > > i386. Since this function is almost exclusively used for random
> > > harvesting, there is no need for micro-optimization.  Adjust
> > > the manual page accordingly.
> >
> > Note that on early boot only a dummy timecounter is available, and
> > binuptime() has no entropy.
> >
> > As a result of this change random(9) won't have entropy on early
> > boot on i386, and arc4random(9) as well.  While there are no
> > known major security problems associated with it - it at least
> > makes stack protector easily bypassable as it now (again after
> > r198295) uses well-known stack guard instead of random one.  And
> > there may be other issues as well.
> >
> > Hope you thought well before moving i386 to a set of platforms
> > which have no early boot randomness at all.  And you have good
> > reason for doing it.
>
> Hmm...  Is bintime(9) good enough for you then?

I guess it won't work because boottimebin is set pretty late.  Arg...
If I can't come up with something sensible, I'll revert this commit.

Jung-uk Kim
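
The concern raised in the quoted reply, as an added example that is not part of the thread and is not FreeBSD code: a simplified C model in which a guard derived only from a count that starts at the same value on every boot comes out identical across boots, plus a check that rejects such a source. `struct boot`, both counter functions, the FNV-1a mixer and the seed values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Per-boot state. hw models hardware timing that differs between boots
 * (constructed values); ticks models a software count that is 0 at boot. */
struct boot { uint64_t hw, ticks; };
typedef uint64_t (*counter_fn)(struct boot *);

/* Assumed model of a dummy timecounter: a plain incrementing count. */
static uint64_t dummy_count(struct boot *b) { return ++b->ticks; }

/* Assumed model of a free-running hardware counter (xorshift64 jitter). */
static uint64_t hw_count(struct boot *b) {
    b->hw ^= b->hw << 13; b->hw ^= b->hw >> 7; b->hw ^= b->hw << 17;
    return b->hw;
}

/* Toy stand-in for harvesting plus guard generation: FNV-1a over n samples. */
static uint64_t guard_for_boot(counter_fn src, uint64_t hw_seed, size_t n) {
    struct boot b = { hw_seed, 0 };
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        uint64_t s = src(&b);
        for (int k = 0; k < 8; k++) {
            h ^= (s >> (8 * k)) & 0xff;
            h *= 0x100000001b3ULL;
        }
    }
    return h;
}

/* Health check: returns 1 if all deltas between consecutive samples are
 * equal. Catches only the fully deterministic case, which must not seed. */
static int source_is_predictable(counter_fn src, uint64_t hw_seed, size_t n) {
    struct boot b = { hw_seed, 0 };
    uint64_t prev = src(&b), first = 0;
    for (size_t i = 1; i < n; i++) {
        uint64_t cur = src(&b), delta = cur - prev;
        if (i == 1) first = delta;
        else if (delta != first) return 0;
        prev = cur;
    }
    return 1;
}

int main(void) {  /* two boots with different hardware state, both sources */
    printf("dummy guard: %016llx %016llx\n", (unsigned long long)guard_for_boot(dummy_count, 0x1111, 64), (unsigned long long)guard_for_boot(dummy_count, 0x9999, 64));
    printf("hw guard:    %016llx %016llx\n", (unsigned long long)guard_for_boot(hw_count, 0x1111, 64), (unsigned long long)guard_for_boot(hw_count, 0x9999, 64));
    return 0;
}
```

In this model the dummy-sourced guard is a constant that can be computed offline, which is the "well-known stack guard" case the reply describes.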


