Re: Regarding the optional OpenSSL integration for the portable version

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Fri, May 02, 2014 at 10:30:28PM +0000, Scott Neugroschl wrote:
> 
> >NetBSD and FreeBSD (as of 10.0) both use a sysctl, just like OpenBSD.
> > Linux also has an obscure sysctl which pulls directly from the internal
> > CSPRNG. So all of these will work in a jail without /dev or /proc.
> 
> >OS X still seeds itself from /dev/urandom in its arc4random
> > implementation, as it inherited FreeBSD's old code. Solaris sadly only
> > has /dev/urandom.
> 
> And then there are those implementations that have to use PRNGD because
> there's no built-in source of randomness.
> 

That's basically equivalent to /dev/urandom from the code's perspective. The
reason why /dev/urandom sucks is two-fold: 1) as already mentioned you can't
access it inside a chroot jail (unless explicitly created, but then you
can't mount with the nodev option), but also 2) you may have hit a file
descriptor limit and can't even open it.

Along those same lines: I don't understand why Linux, glibc & Co. are so
gung-ho about the /proc filesystem. Some glibc routines depend on it. /proc
proponents wave away the chroot jail problem because they seem to believe
complex, global configuration files are somehow preferable. Whatever. They
can keep their opinion. But there's no excusing the file descriptor limit
issue.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux