Subject: Re: navigator 4.79 with 1.6B/i386
To: Steven M. Bellovin <smb@research.att.com>
From: Andrew Brown <atatat@atatdot.net>
List: netbsd-users
Date: 06/12/2002 13:29:26
>In this case, Netscape is invoking netstat (I'm not sure why it
>wants to, but I haven't groveled through the Mozilla source, and does
>the same thing), and has those file descriptors closed. Nothing to
>worry about in this case, and arguably not worth a console message.
i did just that last night, because i wanted to patch mozilla so that
it wouldn't cause these kinds of messages. it was trivial to find
(although my initial plan to run mkid on the mozilla source failed
admirably -- five minutes of churning and all i got to show for it was
a core dump from mkid), and even easier to fix.
hmm...perhaps i should commit the patch. :)
it looks, to me, like mozilla (and, by extension, probably netscape as
well) is using the output of "netstat -ni" to see its random number
generator.
from the bottom of the RNG_SystemInfoForRNG() function in
security/nss/lib/freebl/unix_rand.c:
fp = safe_popen(netstat_ni_cmd);
if (fp != NULL) {
while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
RNG_RandomUpdate(buf, bytes);
safe_pclose(fp);
}
this is preceded by seeding from environment variables (which are
probably somewhat unchanging from run to run), the stealing of 1024
bytes from /dev/urandom (not so bad), data from whatever is in the
file denoted by NSRANDFILE in the environment, the contents of
/etc/passwd, /etc/utmp, /tmp, /var/tmp, /usr/tmp (each of which have
varying degrees of change possibity -- i presume for the directories
it just reads them as if they were files), and maybe even some "ps
aux" output.
not bad, per se, but not exactly good either.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."