Source-Changes archive
CVS commit: src
Module Name: src
Committed By: riastradh
Date: Wed May 6 18:49:26 UTC 2020
Modified Files:
src/etc/rc.d: random_seed
src/sbin/rndctl: rndctl.8 rndctl.c
Log Message:
Tweak logic to decide whether a medium is safe for an rndseed.

- Teach rndctl to load the seed, but treat it as zero entropy, if the
  medium is read-only or if the update fails.

- Teach rndctl to accept `-i' flag instructing it to ignore the
  entropy estimate in the seed.

- Teach /etc/rc.d/random_seed to:
  (a) assume nonlocal file systems are unsafe, and use -i, but
  (b) assume / is safe, even if it is nonlocal.

If the medium is nonwritable, leave it to rndctl to detect that.
(Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I
already implemented it this way.)

Treating nonlocal / as safe is a compromise: it's up to the operator
to secure the network for (e.g.) nfs mounts, but that's true whether
we're talking entropy or not -- if the adversary has access to the
network that you've mounted / from, they can do a lot more damage
anyway; this reduces warning fatigue for diskless systems, e.g. test
racks.

To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/etc/rc.d/random_seed
cvs rdiff -u -r1.23 -r1.24 src/sbin/rndctl/rndctl.8
cvs rdiff -u -r1.33 -r1.34 src/sbin/rndctl/rndctl.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
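
An added shell sketch of the rc.d-side decision described in the log message above; it is not the committed random_seed script. The mount listing is constructed in the style of mount(8) output, the helper names mount_for and seed_load_flags are hypothetical, -L is rndctl's load option, and -i is the flag this commit adds.

```sh
#!/bin/sh
# Added illustration, not the NetBSD random_seed script.
# Constructed sample in the style of mount(8) output (assumption).
SAMPLE_MOUNTS='nfs1:/export/root on / type nfs
/dev/wd0e on /var type ffs (log, local)
nfs1:/export/home on /home type nfs
/dev/cd0a on /mnt/cd type cd9660 (read-only, local)'

# mount_for PATH MOUNTS: print the mount line whose mount point is the
# longest prefix of PATH (hypothetical helper).
mount_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            mp = $3
            if (mp == "/") pre = "/"; else pre = mp "/"
            if ((p == mp || index(p, pre) == 1) && length(mp) > best) {
                best = length(mp); line = $0
            }
        }
        END { print line }'
}

# seed_load_flags SEEDFILE MOUNTS: print the rndctl flags the policy
# implies for loading SEEDFILE (hypothetical helper).
seed_load_flags() {
    line=$(mount_for "$1" "$2")
    mp=$(printf '%s\n' "$line" | awk '{ print $3 }')
    case $line in
        *"(local)"* | *"(local, "* | *", local)"* | *", local, "*) islocal=yes ;;
        *) islocal=no ;;
    esac
    if [ "$mp" = "/" ]; then
        echo "-L"       # / is assumed safe, even if it is nonlocal
    elif [ "$islocal" = yes ]; then
        echo "-L"       # local; a read-only medium is left to rndctl
    else
        echo "-i -L"    # nonlocal: load, but ignore the entropy estimate
    fi
}

# Show the rndctl invocation the policy implies for each sample seed path.
for f in /etc/entropy-file /var/db/entropy-file /home/seed /mnt/cd/seed; do
    printf '%-22s rndctl %s %s\n' "$f" "$(seed_load_flags "$f" "$SAMPLE_MOUNTS")" "$f"
done
```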