Christian Weisgerber wrote, On 08/16/14 08:54:
On 2014-08-16, Christian Weisgerber na...@mips.inka.de wrote:
How about making etc/random.seed a named pipe and feeding chunks
of /dev/random to it?
I've now put this into my /etc/rc.local:
---
# Provide fresh random.seed for
On 08/17/14 15:35, Clint Pachl wrote:
Christian Weisgerber wrote, On 08/16/14 08:54:
On 2014-08-16, Christian Weisgerber na...@mips.inka.de wrote:
How about making etc/random.seed a named pipe and feeding chunks
of /dev/random to it?
I've now put this into my /etc/rc.local:
Paul de Weerd wrote, On 08/15/14 14:51:
At any rate, this changes that to allow world readable files (still
not taking world writable files). We can't check S_IWOTH over tftp,
we should probably assume 0777 for files transferred that way. But,
if you're trusting the kernel you're getting over
Christian Weisgerber wrote, On 08/15/14 18:36:
On 2014-08-15, Paul de Weerd we...@weirdnet.nl wrote:
What you could do is use the -r option to tftpd(8) to hand out a new
file to each client that connects. Or just periodically (like, every
hour or every minute, depending on the load of your
On 2014-08-16, Clint Pachl pa...@ecentryx.com wrote:
# cd /tftpboot
# mkfifo etc/random.seed
# while true; do dd if=/dev/random count=1 etc/random.seed 2/dev/null;
done
# cd /tftpboot
# mkfifo test.seed
# while :; do dd if=/tmp/counter of=test.seed 2/dev/null; done
Careful!
dd ...
On 2014-08-16, Christian Weisgerber na...@mips.inka.de wrote:
How about making etc/random.seed a named pipe and feeding chunks
of /dev/random to it?
I've now put this into my /etc/rc.local:
---
# Provide fresh random.seed for pxeboot
if cd /tftpboot/etc; then
rm -f
I wonder if there would be some benefit to faking these files from inside
the tftp daemon itself..
This is starting to remind me of Ubuntu's pollen/pollinate services.
On Sat, Aug 16, 2014 at 11:31 AM, Theo de Raadt dera...@cvs.openbsd.org
wrote:
I wonder if there would be some benefit to faking these files from inside
the tftp daemon itself..
Is it safe to generate some randomness in /tftpboot/etc/random.seed for
clients that PXE boot?
My concern is that this file will be available to everyone on the
network via TFTP. So does knowing this randomness help predict the
PRNG output of the clients that use it?
I read in a de Raadt
On Fri, Aug 15, 2014 at 01:24:02AM -0700, Clint Pachl wrote:
| Is it safe to generate some randomness in /tftpboot/etc/random.seed for
| clients that PXE boot?
|
| My concern is that this file will be available to everyone on the network
| via TFTP. So does knowing this randomness help predict
Is it safe to generate some randomness in /tftpboot/etc/random.seed for
clients that PXE boot?
I do not even know if that file will be read... is it?
My concern is that this file will be available to everyone on the
network via TFTP. So does knowing this randomness help predict the
PRNG
On Fri, Aug 15, 2014 at 06:04:56AM -0600, Theo de Raadt wrote:
| Is it safe to generate some randomness in /tftpboot/etc/random.seed for
| clients that PXE boot?
|
| I do not even know if that file will be read... is it?
Yes, it is. Twice, in fact:
Aug 15 14:13:34 tuna tftpd[14711]:
On 2014-08-15, Theo de Raadt dera...@cvs.openbsd.org wrote:
Is it safe to generate some randomness in /tftpboot/etc/random.seed for
clients that PXE boot?
I do not even know if that file will be read... is it?
I would hope so since pxeboot complains about its absence:
OpenBSD/amd64
On August 15, 2014 2:04:56 PM CEST, Theo de Raadt dera...@cvs.openbsd.org
wrote:
Is it safe to generate some randomness in /tftpboot/etc/random.seed
for
clients that PXE boot?
I do not even know if that file will be read... is it?
IIRC, it is tried but deemed unsafe (0555) and therefore
On Fri, Aug 15, 2014 at 04:07:21PM +0200, Alexander Hall wrote:
| On August 15, 2014 2:04:56 PM CEST, Theo de Raadt dera...@cvs.openbsd.org
wrote:
| Is it safe to generate some randomness in /tftpboot/etc/random.seed
| for
| clients that PXE boot?
|
| I do not even know if that file will be
On 08/15/14 16:22, Paul de Weerd wrote:
On Fri, Aug 15, 2014 at 04:07:21PM +0200, Alexander Hall wrote:
| On August 15, 2014 2:04:56 PM CEST, Theo de Raadt dera...@cvs.openbsd.org
wrote:
| Is it safe to generate some randomness in /tftpboot/etc/random.seed
| for
| clients that PXE boot?
|
|
On Fri, Aug 15, 2014 at 06:55:49PM +0200, Alexander Hall wrote:
| On 08/15/14 16:22, Paul de Weerd wrote:
| On Fri, Aug 15, 2014 at 04:07:21PM +0200, Alexander Hall wrote:
| | On August 15, 2014 2:04:56 PM CEST, Theo de Raadt
dera...@cvs.openbsd.org wrote:
| | Is it safe to generate some
On Fri, Aug 15, 2014 at 11:51:53PM +0200, Paul de Weerd wrote:
| At any rate, this changes that to allow world readable files (still
| not taking world writable files). We can't check S_IWOTH over tftp,
| we should probably assume 0777 for files transferred that way. But,
| if you're trusting
On 2014-08-15, Paul de Weerd we...@weirdnet.nl wrote:
What you could do is use the -r option to tftpd(8) to hand out a new
file to each client that connects. Or just periodically (like, every
hour or every minute, depending on the load of your tftp server)
replace it with a new random file.
On August 15, 2014 11:51:53 PM CEST, Paul de Weerd we...@weirdnet.nl wrote:
On Fri, Aug 15, 2014 at 06:55:49PM +0200, Alexander Hall wrote:
| On 08/15/14 16:22, Paul de Weerd wrote:
| On Fri, Aug 15, 2014 at 04:07:21PM +0200, Alexander Hall wrote:
| | On August 15, 2014 2:04:56 PM CEST, Theo de
On August 16, 2014 12:09:32 AM CEST, Paul de Weerd we...@weirdnet.nl wrote:
On Fri, Aug 15, 2014 at 11:51:53PM +0200, Paul de Weerd wrote:
| At any rate, this changes that to allow world readable files (still
| not taking world writable files). We can't check S_IWOTH over tftp,
| we should
21 matches
Mail list logo