From: Arthur Mesh
To: Mark Murray
Cc: Arthur Mesh, Ian Lepore, Doug Barton, Ben Laurie, freebsd-security@freebsd.org, RW, "Bjoern A. Zeeb"
Date: Fri, 14 Sep 2012 16:15:03 -0700
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120914231503.GP14077@x96.org>
List-Id: "Security issues [members-only posting]"

On Fri, Sep 14, 2012 at 10:49:14PM +0100, Mark Murray wrote:
> I can certainly trigger a reseed at will, but allowing external writes
> to overwhelm the system by doing a
>
> $ cat /dev/zero > /dev/random
>
> ... just ain't gonna happen. No, sir.

Has it been considered that /dev/random being "rw-rw-rw-" may be a bad idea? What's the benefit of allowing unprivileged users to reseed yarrow? Perhaps restricting it to "rw-r--r--" is a part of the solution that may address potential system overwhelm by unprivileged users?
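
The mode bits questioned in the message above can be checked mechanically. The script below is an added example, not part of the original message or of FreeBSD: it flags nodes whose mode grants write to "other" and prints a candidate devfs.conf(5) perm line for the rw-r--r-- mode the message proposes. The function names and the 0644 suggestion are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit device nodes for the "other write" bit, i.e. the
# last 'w' in the rw-rw-rw- mode discussed for /dev/random.

# world_writable PATH
#   exit 0 if "other" may write to PATH, 1 if not, 2 if PATH is missing.
#   POSIX find(1) is used instead of stat(1), whose flags differ between
#   FreeBSD and GNU. -L follows symlinks (e.g. urandom -> random).
world_writable() {
    [ -e "$1" ] || return 2
    [ -n "$(find -L "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# audit_nodes PATH...
#   prints one report line per node; the return status is the number of
#   world-writable nodes found (0 means none).
audit_nodes() {
    hits=0
    for node in "$@"; do
        rc=0
        world_writable "$node" || rc=$?
        case "$rc" in
            0)  mode=$(ls -ldL "$node" | cut -c1-10)
                echo "WORLD-WRITABLE $mode $node"
                # Candidate line for /etc/devfs.conf (assumes the node
                # lives under /dev); 0644 is the proposed rw-r--r--.
                echo "  devfs.conf: perm ${node#/dev/} 0644"
                hits=$((hits + 1)) ;;
            1)  echo "ok $node" ;;
            *)  echo "missing $node" ;;
        esac
    done
    return "$hits"
}

# Stand-alone run: report on the nodes named in the thread.
audit_nodes /dev/random /dev/urandom || true
```
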