On Tue, 24 Jul 2012, David Schultz wrote:
> On Wed, Jul 04, 2012, Doug Barton wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > On 07/04/2012 13:32, Andrey Chernov wrote:
> > > 1) /dev/urandom may not exist in jails/sandboxes
> > That would be a pretty serious configuration error.
> Yes -- but the
On Wed, Jul 04, 2012, Doug Barton wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 07/04/2012 13:32, Andrey Chernov wrote:
> > 1) /dev/urandom may not exist in jails/sandboxes
>
> That would be a pretty serious configuration error.
Yes -- but the scary part is that arc4random()
On Thu, Jul 05, 2012 at 11:39:02PM +0200, Pawel Jakub Dawidek wrote:
> > sysctls are not all Giant locked. KERN_ARND is marked MPSAFE, so it does not
> > use Giant:
>
> It doesn't really matter. Our in-kernel random generator has its own
> giant lock, so is basically single threaded. Compa
On Thu, Jul 05, 2012 at 07:49:42AM -0400, John Baldwin wrote:
> On Wednesday, July 04, 2012 4:45:54 pm Attilio Rao wrote:
> > 2012/7/4 David Chisnall :
> > > On 4 Jul 2012, at 21:32, Andrey Chernov wrote:
> > >
> > >> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way
> >
On Wednesday, July 04, 2012 4:45:54 pm Attilio Rao wrote:
> 2012/7/4 David Chisnall :
> > On 4 Jul 2012, at 21:32, Andrey Chernov wrote:
> >
> >> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way
> >> initialization) always exists.
> >
> > From the perspective of Capsicum
On 07/04/12 13:45, Attilio Rao wrote:
> I recall that at some point /dev/random was introducing some
> scalability penalty on php [...]
... thus reinforcing the stereotype that PHP Does Stuff Wrong.
Userland processes should get entropy from the kernel *once* at launch
time and place it into an e
On Wed, Jul 04, 2012 at 01:49:01PM -0700, Doug Barton wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 07/04/2012 13:32, Andrey Chernov wrote:
> > 1) /dev/urandom may not exist in jails/sandboxes
>
> That would be a pretty serious configuration error.
>
It may be true, but old
On Wed, Jul 04, 2012 at 09:45:54PM +0100, Attilio Rao wrote:
> 2012/7/4 David Chisnall :
> > On 4 Jul 2012, at 21:32, Andrey Chernov wrote:
> >
> >> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way
> >> initialization) always exists.
> >
> > From the perspective of Capsicu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/04/2012 13:32, Andrey Chernov wrote:
> 1) /dev/urandom may not exist in jails/sandboxes
That would be a pretty serious configuration error.
- --
This .signature sanitized for your protection
-BEGIN PGP SIGNATURE-
Version: GnuP
2012/7/4 David Chisnall :
> On 4 Jul 2012, at 21:32, Andrey Chernov wrote:
>
>> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way
>> initialization) always exists.
>
> From the perspective of Capsicum sandboxes, a device node is better than a
> sysctl. The kernel must har
On 4 Jul 2012, at 21:32, Andrey Chernov wrote:
> 1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way
> initialization) always exists.
From the perspective of Capsicum sandboxes, a device node is better than a
sysctl. The kernel must hard-code policy about which sysctls a
On Wed, Jul 04, 2012 at 11:02:20PM +0300, Konstantin Belousov wrote:
> On Wed, Jul 04, 2012 at 07:51:25PM +, Pawel Jakub Dawidek wrote:
> > Author: pjd
> > Date: Wed Jul 4 19:51:25 2012
> > New Revision: 238118
> > URL: http://svn.freebsd.org/changeset/base/238118
> >
> > Log:
> > Prefer sy
On Wed, Jul 04, 2012 at 07:51:25PM +, Pawel Jakub Dawidek wrote:
> Author: pjd
> Date: Wed Jul 4 19:51:25 2012
> New Revision: 238118
> URL: http://svn.freebsd.org/changeset/base/238118
>
> Log:
> Prefer sysctl to open/read/close for obtaining random data.
> This method is more sandbox-fr
Author: pjd
Date: Wed Jul 4 19:51:25 2012
New Revision: 238118
URL: http://svn.freebsd.org/changeset/base/238118
Log:
Prefer sysctl to open/read/close for obtaining random data.
This method is more sandbox-friendly and also should be faster as only
one syscall is needed instead of three.
14 matches