On Sun, Oct 3, 2010 at 9:08 AM, Mark Kettenis <[email protected]> wrote: >> Date: Sat, 2 Oct 2010 11:54:13 -0400 (EDT) >> From: Ted Unangst <[email protected]> >> >> Speaking of the entropy pool, it should be difficult for a user to >> influence, right? So it's not the greatest idea to allow anyone who opens >> the device to feed ioctls with fairly well known parameters and stir the >> pot? > > The add_timer_randomness() calls stir the pot, but we don't count the > entropy. So no harm is done if a malicious users tries to attack the > pool with well-timed ioctls.
Is there any benefit to these calls? If so, why only count timer randomness for these ioctls? Why not all ioctls?
