svn commit: r219672 - in head: share/man/man9 sys/i386/include
Jung-uk Kim
jkim at FreeBSD.org
Tue Mar 15 19:56:05 UTC 2011
On Tuesday 15 March 2011 03:33 pm, Maxim Dounin wrote:
> Hello!
>
> On Tue, Mar 15, 2011 at 05:14:26PM +0000, Jung-uk Kim wrote:
> > Author: jkim
> > Date: Tue Mar 15 17:14:26 2011
> > New Revision: 219672
> > URL: http://svn.freebsd.org/changeset/base/219672
> >
> > Log:
> > Unconditionally use binuptime(9) for get_cyclecount(9) on i386.
> > Since this function is almost exclusively used for random
> > harvesting, there is no need for micro-optimization. Adjust the
> > manual page accordingly.
>
> Note that on early boot only the dummy timecounter is available, and
> binuptime() has no entropy.
>
> As a result of this change random(9) won't have entropy on early
> boot on i386, and arc4random(9) as well. While there are no known
> major security problems associated with it - it at least makes
> the stack protector easily bypassable as it now (again after r198295)
> uses a well-known stack guard instead of a random one. And there may
> be other issues as well.
>
> Hope you thought well before moving i386 to a set of platforms
> which have no early boot randomness at all. And you have good
> reason for doing it.
Hmm... Is bintime(9) good enough for you then?
Jung-uk Kim