/dev/io , /dev/mem : only used by Xorg?
tedm at toybox.placo.com
Mon Feb 28 12:58:06 GMT 2005
> -----Original Message-----
> From: Loren M. Lang [mailto:lorenl at alzatex.com]
> Sent: Monday, February 28, 2005 4:40 AM
> To: Ted Mittelstaedt
> Cc: Kris Kennaway; Rob; FreeBSD questions
> Subject: Re: /dev/io , /dev/mem : only used by Xorg?
> On Mon, Feb 28, 2005 at 04:11:24AM -0800, Ted Mittelstaedt wrote:
> > > -----Original Message-----
> > > From: Kris Kennaway [mailto:kris at obsecurity.org]
> > > Sent: Monday, February 28, 2005 2:58 AM
> > > To: Ted Mittelstaedt
> > > Cc: Rob; FreeBSD questions
> > > Subject: Re: /dev/io , /dev/mem : only used by Xorg?
> > >
> > >
> > > On Mon, Feb 28, 2005 at 01:32:26AM -0800, Ted Mittelstaedt wrote:
> > >
> > > > Instead, they are part of the kernel itself.
> > > >
> > > > All the /dev files are, /dev/random, /dev/ad0 and so on,
> are simple
> > > > files that take up only a few bytes of space. They are
> > > > "hook points" to use to get to these devices. That is, when
> > > a program
> > > > accesses /dev/random, it isn't actually opening that
> file. Instead,
> > > > the kernel intercepts that call and supplies the program opening
> > > > that device with the output of the actual device.
> > > >
> > > > This is why these device files are created with the
> mknod utility,
> > > > rather than just copying a file to /dev/random - since
> doing that is
> > > > accessing the device, not creating the device file.
> > > >
> > > > So, deleting these /dev devices saves you practically no space at
> > > > all, and does not in fact delete the devices - it only
> deletes the
> > > > access point to them. The devices are still there in the kernel.
> > >
> > > No, in 5.x the device nodes are created automatically by devfs and
> > > only appear in /dev by default if support is enabled in the kernel.
> > Ah, yes I wasn't paying attention, he did say 5. I stopped paying
> > attention
> > after reading that he was wanting to remove /dev/random.
> > > As the original poster discussed, /dev/io, /dev/mem and /dev/random
> > > are optional components of the 5.x kernel, although as I
> replied, the
> > > situations in which one would not want to include them are limited.
> > >
> > Actually, recompiling openssl to use a prng daemon instead
> of the random
> > device
> > will probably improve your ssh security - unless they have greatly
> > improved the entropy generation in the random device in 5.X
> Is the /dev/random on FreeBSD really this bad?
Yes - there's some random testing suites on the Internet, find a
few and compile them. (ENT for example) Run them repeatedly and see what
Part of the problem is that BY DEFAULT the random device DOES NOT
look at interrupts. See the man page for rndcontrol. Presumably
the system admin of the system knows this and looks at his dmesg
output to see which irq's are assigned to network cards and hard
disks (which are fairly good sources of randomness) and sets the
random device to use these. In practice this isn't something mentioned
in the install docs so it is very unlikely many people know.
Another strange thing is that /dev/random should block when it
runs out of entropy - it doesen't seem to do so, however. And the
device doesen't seem to gain entropy that quickly.
> I thought it should be
> better since it can gather entropy from all over the kernel like
> interrupts. I'm pretty sure I read that linuxes /dev/random was far
> supieror to prng and I'd expect FreeBSD to be the same unless someone
> was lazy in implementing it or there is some major security hole in it.
The FreeBSD random device is a port of the same Linux code.
Interestingly enough, Sun's Solaris x86 random driver sucks too in the
same way, runs out of entropy quickly and doesen't recharge that rapidly.
There's a couple people who have written prngs which they claim are far
superior to the random devices. Do a search and you will run across
An excellent random device would be a portable fm radio tuned to in
stations and feeding the mic input of a soundcard. That's what you use
you don't want NSA's supercomputers breaking your keys. ;-) But of
you pulled entropy out of that too fast, you would run into the speed
of the D/A converter in the soundcard input.
More information about the freebsd-questions