Re: svn commit: r239569 - head/etc/rc.d

On Mon, Sep 10, 2012 at 04:53:34PM +0200, Dag-Erling Smrgrav wrote:
> David O'Brien <obrien@FreeBSD.org> writes:
> > +	( dmesg; kenv; df -ib; \
> 
> None of these change much between reboots; dmesg and kenv don't change
> at all,

I know that.

I mentioned some attacker scenarios in a
previous email.  None of this is all that good... but at least for the
attacker who does not have a login on the system, how likely are they to
be able to guess what my kenv (and dmesg) output is?  Sure the search
space of all possible outputs isn't really all that great, but these
add at least *some* effort.  By passing this output thru a cryptographic
hash, we aren't overfilling the internal yarrow seed buffers so it is OK
to error on adding 1 more bit of entropy if the output is fast to get and
output.

>  and neither does df unless you have /tmp and / or /var on /.

Agreed.

> > +	    ps -fauxrH -o nwchan,nivcsw,nvcsw,time,re,sl; \
> -f doesn't hurt but is unlikely to make any difference in the output.
> -u is overridden by -o and therefore pointless.

Please verify this claim (or have I misunderstood you?):

$ ps -fauxrH -o nwchan,nivcsw,nvcsw,time,re,sl >/tmp/1
$ ps -faxrH  -o nwchan,nivcsw,nvcsw,time,re,sl >/tmp/2
$ diff -u /tmp/1 /tmp/2

   --- /tmp/1       2012-09-10 22:13:56.000000000 -0700
   +++ /tmp/2       2012-09-10 22:14:02.000000000 -0700
   @@ -1,112 +1,112 @@
   -USER   PID  %CPU %MEM   VSZ   RSS TT  STAT STARTED       TIME COMMAND          NWCHAN             NIVCSW    NVCSW       TIME  RE  SL
   -root    11 100.0  0.0     0    32  -  RL   Thu09AM 6518:01.18 [idle]           -                31970908  1566173 6518:01.18 127 127
   -root    11 100.0  0.0     0    32  -  RL   Thu09AM 6516:05.59 [idle]           -                 8697044   735838 6516:05.59 127 127
   -root     0   0.0  0.0     0   192  -  DLs  Thu09AM    0:54.67 [kernel]         ffffffff81288b00      103    39126    0:54.67 127   4
   ...
   +NWCHAN             NIVCSW    NVCSW       TIME  RE  SL
   +-                31971474  1566182 6518:07.65 127 127
   +-                 8697241   735839 6516:12.08 127 127
   +ffffffff81288b00      103    39127    0:54.67 127   1

In the above I am not saying anything about the usefulness of including
"-u", just that it is fully overridden by -o and thus useless.

> -r just changes the sort order, which is probably pointless.

I'm not wedded to "-r", but since you're proposing this to not use "-r",
which Ian Lepore suggested after instrumenting /etc/rc.d/initrandom and
looking at the output, please show a diff of two boots with "-r" and
without "-r" so can see what the change really is.

> -H greatly increases the amount of data but not the entropy.

I disagree.  It isn't a great amount of variance and thus
unpredictability, but it is a little bit.

Have you instrumented /etc/rc.d/initrandom and diff'ed two boots?
I have.

> time, re and sl are in seconds and therefore extremely predictable.

easily to predict, but more than zero effort.

> so:
>  ps -axo nwchan,majflt,minflt,nivcsw,nvcsw

I do like adding "majflt,minflt" from what I've seen of the output.
Thus (sorting the fields):

    ps -fauxrH -o majflt,minflt,nivcsw,nvcsw,nwchan,re,sl,time

-- 
-- David  (obrien@FreeBSD.org)

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"