Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: recent sysinst UX changes

>> Lack of good randomness does not quite equal insecure install.  Warn
>> about it, sure, but I think *requiring* randomness is a bad idea.
>> For example, I've been working with recent NetBSD at work, for
>> something for which the presence or absence of good random-seed data
>> makes absolutely no difference to security.
> Unfortunately it leads to surprise failures if programs ever use
> /dev/random.

This does not happen for the product in question.  There isn't even any
entry "random" in /dev in the shipped filesystem - there are only 50
entries in its /dev.

I recognize that we won't be using sysinst for the shipped filesystem
image anyway.  I'm just trying to point out that typical installs
needing $THING is not a good reason to insist on everyone having
$THING.  (For whose value of "typical installs", anyway?)  I'm building
kernels with neither INET nor INET6 - it doesn't quite work out of the
box for 9.1, but it's close enough that only a few files need fixing.
Last time I tried it, sysinst let me install a system with no IP
address configuration.  IMO this should be the same: done by default,
automatically if it's easy, but should be skippable if the user says to
despite the warnings.

In any case, even if the installed system needs a random seed file,
that is not the same thing as sysinst needing to install it.

> So far we've seen:
> - Firefox refusing to start

IMO, bug in Firefox.  Hanging during startup when trying to do
something like fetch a user's configured initial page which is stuck
behind HTTPS, that's fine, even expected.  Refusing to start?  No.

> - Python having problems

Depending on what the "problems" are, I could call this anything from
"expected" to "bug in python".

In any case, even if NetBSD were to ship with firefox and python,
nothing says the user has to use either one; I still don't see these as
justifying sysinst insisting on installing a random seed file.

> And some more things that have been patched not to use /dev/random.

Sure.  And if you don't set the timezone, you'll be stuck in UTC.  And
if you don't set up a mailer, mail won't work.  If you don't set any
DNS servers, things depending on name resolution won't work.  I don't
see this as fundamentally any different.

Warning, fine.  Enforcing, not - IMO! - fine.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index