dev/random
Robert Watson
rwatson at FreeBSD.ORG
Wed Apr 14 10:44:09 PDT 2004
On Wed, 14 Apr 2004, masta wrote:
> >>Anyway, in the circumstances pertaining to this thread, aren't we
> >>talking about diskless clients in a university lab, and an
> >>access-controlled fileserver locked away in a rack somewhere which has
> >>the disks?
> >>
> >
> >I have to say that if you're loading your kernel out of TFTP, and your
> >root file system is running out of NFS, the chances are you won't mind
> >loading /entropy out of NFS.
> >
> Why? We got a NFSv4 client in base.
> Not that this is a highly-likely situation today, I'm just saying anyways.
What I'm saying is: DHCP is pretty insecure against local area attacks, as
is TFTP, so concerns about storing security-related state in NFS for such
systems probably aren't such a big deal.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Senior Research Scientist, McAfee Research
More information about the freebsd-current
mailing list