Re: Collecting entropy from device_attach() times.

Board: FB_security, posted 2012/09/21 17:32
On Fri, Sep 21, 2012 at 07:35:49AM +0200, Pawel Jakub Dawidek wrote:
> Note that adding sysctl to turn off entropy harvesting from
> device_attach() is pretty useless, as sysctls can be changed once we
> start userland and then all device_attach() are already called (modulo
> drivers loaded later).

That is what I had in mind -- .ko drivers loaded post 'initrandom'.

The same could be said for kern.random.sys.harvest.interrupt.
By the time kern.random.sys.harvest.interrupt can be turned off, my test
system has already processed 784 'origin interrupt' queue entries and went
from kern.random.sys.seeded=0->1.

> What I'd like to see is for all those sysctls to
> have corresponding tunables, then it would make more sense.

True. I don't know if Mark thought about this approach and felt there
was an issue or not.

For consistency's sake, if we have kern.random.sys.harvest.interrupt,
we should have kern.random.sys.harvest.devprobe (or whatever we'd call
it).

--
-- David (obrien@FreeBSD.org)
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article code (AID): #1GN3GJZK (FB_security)