Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: regarding the changes to kernel entropy gathering
Date: Mon, 5 Apr 2021 01:14:01 +0200
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Message-ID: <YGpIObngKJ4qaxDf%bec.de@localhost>
| That is discussed in the security model Taylor presented a long time
| ago. In short: nothing. In most use cases, you are screwed at this point
| anyway
This is where the disconnect is happening I think. Many of you are
simply not understanding the point.
I am not screwed, I just don't care. Is that so hard to understand?
Let me make it plainer.
I run systems on which I allow root logins with no password. I have run
systems where root ssh access is permitted, put those together and you
get root access from over the net (and telnet would allow that as well).
Alternatively I can aim for greater security, and configure a root
password ... like say the system's host name.
NetBSD allows me to do all that - it might not be the standard configuration,
but it is possible. You might think it is insane, and that's fine, but
there are reasons.
On recent NetBSD, as I understand it, I can
dd if=/dev/zero bs=N count=1 >/dev/random
and now I have "entropy". But it refuses to provide a simpler knob
to do the same thing (or perhaps something a little saner, but equally
as simple to use).
The logic behind that makes no sense to me.
I understand that some people desire highly secure systems (I'm not
convinced that anyone running NetBSD can really justify that desire,
but that's beside the point) and that's fine - make the system be able
to be as secure as possible, just don't require me to enable it, and
don't make it impossible or even difficuly to disable it - and allow
some kind of middle ground, just just "perfectly secure" and "hopeless".
kre
Home |
Main Index |
Thread Index |
Old Index