tech-kern archive


RNDGETPOOLSTAT



Hi,

I wonder if there is a reason that the RNDGETPOOLSTAT ioctl from rnd(4) is
privileged?  It returns the following structure:

typedef struct
{
        uint32_t        poolsize;
        uint32_t        threshold;
        uint32_t        maxentropy;

        uint32_t        added;
        uint32_t        curentropy;
        uint32_t        removed;
        uint32_t        discarded;
        uint32_t        generated;
} rndpoolstat_t;

I'm no security weenie, is that sensitive information?  The curentropy
value at least is freely available otherwise with RNDGETENTCNT.

(I noticed that a script using 'dd if=/dev/random count=1 | md5' blocked
on my freshly booted system and see no way for a script to test in advance
if that would happen, because rndctl(8) can't show the stats to ordinary
users)

regards,
iain

