[PATCH RFC] Disable save-entropy in jails

RW rwmaillists at googlemail.com
Wed Dec 25 22:50:05 UTC 2013


On Wed, 25 Dec 2013 22:24:27 +0100
Pawel Jakub Dawidek wrote:


> We could do the same for save-entropy. It would be even nicer to have
> some flag so that even sysctl(8) is not executed.

The only security consideration here is that a bug in that conditional
test might prevent entropy being saved. The benefit is saving a few KBs
of disk space and a few CPU cycles a few times an hour. Tiny risk, even
tinier benefit IMO.

