svn commit: r240108 - head/etc/rc.d
David E. O'Brien
obrien at FreeBSD.org
Tue Sep 4 21:47:10 UTC 2012
Author: obrien
Date: Tue Sep 4 21:47:09 2012
New Revision: 240108
URL: http://svn.freebsd.org/changeset/base/240108
Log:
* Rather than run the same 'ps' command twice, add 'kenv' which often
gives machine-unique values from the firmware.
* The kernel is more likely to be unique than /bin/ls (but no need to
stuff many megabytes into /dev/random, so hash it).
* Change ordering to give larger variance across reboots to reduce
predictability.
Modified:
head/etc/rc.d/initrandom
Modified: head/etc/rc.d/initrandom
==============================================================================
--- head/etc/rc.d/initrandom Tue Sep 4 21:40:53 2012 (r240107)
+++ head/etc/rc.d/initrandom Tue Sep 4 21:47:09 2012 (r240108)
@@ -27,9 +27,11 @@ better_than_nothing()
# harvesting rate.
# Entropy below is not great, but better than nothing.
# This unblocks the generator at startup
- ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
+ # Note: commands are ordered to cause the most variance across reboots.
+ ( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \
+ | dd of=/dev/random bs=8k 2>/dev/null
+ /sbin/sha256 -q `sysctl -n kern.bootfile` \
| dd of=/dev/random bs=8k 2>/dev/null
- cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
}
initrandom_start()
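Review bot: The added `/sbin/sha256 -q `sysctl -n kern.bootfile`` line uses the sysctl result unquoted and unchecked, so if kern.bootfile comes back empty or unreadable, sha256 is invoked with no file argument and reads standard input instead of the kernel. Suggest capturing the value first and guarding it, for example `bootfile=$(sysctl -n kern.bootfile)` followed by `[ -r "$bootfile" ] && /sbin/sha256 -q "$bootfile" | dd of=/dev/random bs=8k 2>/dev/null`. The new comment also covers only the first pipeline; a second comment line should say that the kernel digest is the same on every boot of a given kernel and on every host running the same build, so it is there to differ between machines, not between reboots.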