Date:      Mon, 28 Feb 2005 04:40:23 -0800
From:      "Loren M. Lang" <lorenl@alzatex.com>
To:        Ted Mittelstaedt <tedm@toybox.placo.com>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: /dev/io , /dev/mem : only used by Xorg?
Message-ID:  <20050228124023.GH1672@alzatex.com>
In-Reply-To: <LOBBIFDAGNMAMLGJJCKNEEJBFAAA.tedm@toybox.placo.com>
References:  <20050228105750.GB15381@xor.obsecurity.org> <LOBBIFDAGNMAMLGJJCKNEEJBFAAA.tedm@toybox.placo.com>

On Mon, Feb 28, 2005 at 04:11:24AM -0800, Ted Mittelstaedt wrote:
> 
> 
> > -----Original Message-----
> > From: Kris Kennaway [mailto:kris@obsecurity.org]
> > Sent: Monday, February 28, 2005 2:58 AM
> > To: Ted Mittelstaedt
> > Cc: Rob; FreeBSD questions
> > Subject: Re: /dev/io , /dev/mem : only used by Xorg?
> >
> >
> > On Mon, Feb 28, 2005 at 01:32:26AM -0800, Ted Mittelstaedt wrote:
> >
> > > Instead, they are part of the kernel itself.
> > >
> > > All the /dev files, /dev/random, /dev/ad0 and so on, are simple
> > > files that take up only a few bytes of space.  They are convenient
> > > "hook points" to use to get to these devices.  That is, when a program
> > > accesses /dev/random, it isn't actually opening that file.  Instead,
> > > the kernel intercepts that call and supplies the program opening
> > > that device with the output of the actual device.
> > >
> > > This is why these device files are created with the mknod utility,
> > > rather than just copying a file to /dev/random - since doing that is
> > > accessing the device, not creating the device file.
> > >
> > > So, deleting these /dev devices saves you practically no space at
> > > all, and does not in fact delete the devices - it only deletes the
> > > access point to them.  The devices are still there in the kernel.
> >
> > No, in 5.x the device nodes are created automatically by devfs and
> > only appear in /dev by default if support is enabled in the kernel.
> 
> Ah, yes I wasn't paying attention, he did say 5.  I stopped paying
> attention after reading that he was wanting to remove /dev/random.
> 
> > As the original poster discussed, /dev/io, /dev/mem and /dev/random
> > are optional components of the 5.x kernel, although as I replied, the
> > situations in which one would not want to include them are limited.
> >
> 
> Actually, recompiling openssl to use a prng daemon instead of the random
> device will probably improve your ssh security - unless they have greatly
> improved the entropy generation in the random device in 5.X

Is the /dev/random on FreeBSD really this bad?  I thought it should be
better since it can gather entropy from all over the kernel like
interrupts.  I'm pretty sure I read that Linux's /dev/random was far
superior to prng and I'd expect FreeBSD to be the same unless someone
was lazy in implementing it or there is some major security hole in it.

> 
> Ted
> 
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

-- 
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD  835A FAF3 7A46 E4A3 280C
 


