Re: dev/random

From: Robert Watson <rwatson_at_FreeBSD.ORG>
Date: Wed, 14 Apr 2004 13:43:30 -0400 (EDT)
On Wed, 14 Apr 2004, masta wrote:

> >>Anyway, in the circumstances pertaining to this thread, aren't we
> >>talking about diskless clients in a university lab, and an
> >>access-controlled fileserver locked away in a rack somewhere which has
> >>the disks? 
> >>
> >
> >I have to say that if you're loading your kernel out of TFTP, and your
> >root file system is running out of NFS, the chances are you won't mind
> >loading /entropy out of NFS.
> >
> Why? We got a NFSv4 client in base.
> Not that this is a highly-likely situation today, I'm just saying anyways.

What I'm saying is: DHCP is pretty insecure against local area attacks, as
is TFTP, so concerns about storing security-related state in NFS for such
systems probably aren't such a big deal.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert_at_fledge.watson.org      Senior Research Scientist, McAfee Research
Received on Wed Apr 14 2004 - 08:44:09 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:51 UTC