Hi!

On Wed, 2014-07-16 at 19:54:38 +0100, Steven Chamberlain wrote:
> The other major concern was about scary entropy-gathering code,
> implemented in LibreSSL Portable for Linux as a last resort for when
> /dev/urandom can't be read. I agree that it's too risky, or: too
> difficult to prove safe and robust in any conceivable situation.
> Debian's major OpenSSL bug was able to happen undetected for a while out
> of similar circumstances.
>
> A compile-time ifdef already allows to disable this fallback code and
> raise SIGKILL instead, crashing the calling process. As part of the
> LibreSSL port to GNU/kFreeBSD and Hurd I would actually have asked that
> we do this anyway in Debian, at least for those platforms.

kFreeBSD does have a supported sysctl for this: CTL_KERN KERN_ARND. (As
does NetBSD which has two, KERN_URND and KERN_ARND.)

Thanks,
Guillem
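
The message above names the CTL_KERN/KERN_ARND sysctl without showing a call. The following C is an added example, not code from this thread or from LibreSSL: it reads random bytes through that sysctl, loops on short results, and fails closed instead of falling back to a weaker source. The names `rand_source`, `kern_arnd`, `fill_random`, `stub` and `selftest` are hypothetical, and `stub` is a constructed stand-in for the kernel so the loop can be exercised on any platform.

```c
#include <string.h>
#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__NetBSD__)
#include <sys/types.h>
#include <sys/sysctl.h>
#endif
/* Hypothetical source type: writes up to *len bytes, stores the count in *len. */
typedef int (*rand_source)(unsigned char *buf, size_t *len);

#ifdef KERN_ARND
int kern_arnd(unsigned char *buf, size_t *len)
{
    int mib[2] = { CTL_KERN, KERN_ARND };
    return sysctl(mib, 2, buf, len, NULL, 0);
}
#endif

/* Fill buf with n bytes, looping on short results. An error or an empty
 * result wipes the partial output and returns -1; there is no fallback. */
int fill_random(rand_source src, unsigned char *buf, size_t n)
{
    size_t done = 0;
    while (src != NULL && done < n) {
        size_t len = n - done;
        if (src(buf + done, &len) != 0 || len == 0 || len > n - done)
            break;
        done += len;
    }
    if (src != NULL && done == n) return 0;
    memset(buf, 0, n);
    return -1;
}

/* Constructed stand-in for the kernel: 3 bytes per call, fails on call fail_at. */
static int calls, fail_at;
static int stub(unsigned char *b, size_t *len)
{
    if (++calls == fail_at) return -1;
    if (*len > 3) *len = 3;
    memset(b, 0xAB, *len);
    return 0;
}

int selftest(void) /* 1 if short results are looped and a late failure leaves zeros */
{
    unsigned char a[8], z[8] = {0};
    calls = 0; fail_at = 0;
    if (fill_random(stub, a, 8) != 0 || calls != 3 || a[7] != 0xAB) return 0;
    calls = 0; fail_at = 2;
    return fill_random(stub, a, 8) == -1 && memcmp(a, z, 8) == 0;
}
```

On a platform that defines KERN_ARND, a caller would use `fill_random(kern_arnd, key, sizeof key)` and terminate the process when it returns -1.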