svn commit: r239598 - head/etc/rc.d
David O'Brien
obrien at FreeBSD.org
Thu Sep 6 16:45:15 UTC 2012
On Tue, Sep 04, 2012 at 03:39:34PM -0700, Doug Barton wrote:
> Regarding your changes in r240108:
>
> 1. Adding kenv to the mix is probably a good idea, however the output of
> the ps command won't be the same both times it is run, which is why it
> was in there twice.
Doug,
Have you actually looked at the 'ps' output from the two runs from within
'initrandom'? I have. On my test system I got 1608 bytes of output on
24 well structured lines.
The two runs differed so little (only 5 lines) that about all you could claim
is that it might add 1 bit of entropy. But the search space to find the
differences given the first run is so minimal I don't see that it adds
any real value. You should be suggesting totally different commands to
run that will provide better than a second run of 'ps'.
> I'll have to give the kenv output a look. I would
> also like to confirm that it's available on all platforms.
Geez, I'm not that stupid. Do you see any guards within bin/Makefile
that only build it for some architectures? I verified we have it on
MIPS, ARM, and PowerPC, and it gives some output. It does not give as much
system-specific output as on x86 -- I wish it did, but the output can be
rather unique on x86, so it is worth including it.
> 2. I'm not sure I like the change from cat'ing /bin/ls to the hash of
> the kern.bootfile output. Given that most users stick with the GENERIC
> kernel or the same custom kernel on multiple machines I'm not confident
> that there will be a statistically significant difference in the amount
> of entropy between the 2,
Vs /bin/ls? We have a chapter in the handbook on building your own
kernel
[http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html].
Do we have a chapter on building a custom /bin/ls?
A kernel build is a combination of 946 knobs. /bin/ls has 1, leading
to two different results. So you really think there is more chance
that /bin/ls will vary between two installations of the same version
of FreeBSD? You don't believe most users use the same /bin/ls across
multiple machines?
> 3. Given that we're running the same set of commands at each boot, it's
> not clear to me how changing the order helps, but I don't necessarily
> disagree with that change.
It's the same point that Ian Lepore made about variance. Also
http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix98.pdf page 9.
[usenix98.pdf is one of the Yarrow paper's references]
> Thanks. In case it's not clear, please hold off on any further changes
> until we have a better consensus on what the changes should be.
The commit was 15 days ago, and it's been 4 days since you started this thread.
At this point you're the only one that has spoken up against the changes.
Arthur and I have provided you our reasoning. I've provided references,
pointed out the code, discussed my changes and reasoning with multiple
security professionals at $WORK where we make products based on FreeBSD
and have FIPS-140 Level 2 certificates[*]. I will only wait but so much
longer before I feel there is near-unanimous consensus.
--
-- David (obrien at FreeBSD.org)
[*] http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
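The measurement David describes above (capturing a candidate entropy source twice and seeing how little the second run adds) is easy to make repeatable. The following is an added example, not code from the thread or from FreeBSD's initrandom script; the two "ps" captures are constructed samples and the function and variable names are the example's own.

```python
"""Measure how much a repeated capture of a boot-time entropy source
actually adds over the first capture (added example, not FreeBSD code)."""
import hashlib
import subprocess

# Constructed sample captures standing in for two 'ps' runs; not real output.
RUN1 = (
    "  PID TT  STAT    TIME COMMAND\n"
    "    1  -  SLs  0:00.03 /sbin/init --\n"
    "   11  -  DL   0:00.10 [idle]\n"
    "   12  -  WL   0:00.02 [intr]\n"
    "  103  -  Ss   0:00.01 /sbin/devd\n"
    "  245  -  Ss   0:00.00 /usr/sbin/syslogd -s\n"
)
RUN2 = (
    "  PID TT  STAT    TIME COMMAND\n"
    "    1  -  SLs  0:00.03 /sbin/init --\n"
    "   11  -  DL   0:00.12 [idle]\n"            # CPU time ticked up
    "   12  -  WL   0:00.02 [intr]\n"
    "  103  -  Ss   0:00.01 /sbin/devd\n"
    "  245  -  Ss   0:00.00 /usr/sbin/syslogd -s\n"
    "  260  -  S    0:00.00 /bin/sh /etc/rc.d/initrandom\n"  # new process
)


def new_lines(first: str, second: str) -> list:
    """Lines in the second capture that did not appear in the first: the only
    material a repeated run contributes beyond what the first run gave."""
    seen = set(first.splitlines())
    return [line for line in second.splitlines() if line not in seen]


def source_summary(first: str, second: str) -> dict:
    """Size and line count of the second capture, how many of its lines are
    new, and whether the two captures even hash differently (identical
    captures add nothing when fed to the pool a second time)."""
    return {
        "bytes": len(second.encode()),
        "lines": len(second.splitlines()),
        "new_lines": len(new_lines(first, second)),
        "digests_differ": hashlib.sha256(first.encode()).digest()
                          != hashlib.sha256(second.encode()).digest(),
    }


def capture_twice(argv: list) -> dict:
    """Run a real command twice (e.g. ["ps", "-auxww"] or ["kenv"]) and
    summarise the variance between the runs. Not exercised offline here."""
    first = subprocess.run(argv, capture_output=True, text=True, check=False).stdout
    second = subprocess.run(argv, capture_output=True, text=True, check=False).stdout
    return source_summary(first, second)


if __name__ == "__main__":
    print(source_summary(RUN1, RUN2))
```

On the constructed samples the second run is 7 lines, of which only 2 are new (one changed CPU-time field and the initrandom process itself); that is the "given the first run, the search space for the differences is minimal" situation the message describes, and the same summary applied to a source whose second capture is byte-identical reports zero new lines and matching digests.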