看板 FB_security 關於我們 聯絡資訊
發信人obrien@FreeBSD.org (David O'Brien),
看板FB_security
標 題Re: svn commit: r239598 - head/etc/rc.d
發信站NCTU CS FreeBSD Server (Wed Sep 5 21:40:50 2012)
轉信站ptt!csnews.cs.nctu!news.cs.nctu!.cs.nctucs.nctu!.org!ownorg!owner-free
On Tue, Sep 04, 2012 at 02:15:17PM -0600, Ian Lepore wrote: > pscmd="ps -fauxrH -o nwchan,nivcsw,nvcsw,time,re,sl" I do like the changes that this gives over 'ps -fauxww'. root 11 80.6 0.0 0 32 - RL 8:40AM 0:03.09 [idle] - 1078 1495 0:03.09 8 8 root 11 42.8 0.0 0 32 - RL 8:40AM 0:04.23 [idle] - 1401 1012 0:04.23 8 8 root 5 21.6 0.0 0 16 - DL 8:40AM 0:02.17 [xpt_thrd] ffffffff811931e0 104 1 0:02.17 8 4 -vs- root 11 121.9 0.0 0 32 - RL 8:40AM 0:06.48 [idle] root 5 21.6 0.0 0 16 - DL 8:40AM 0:00.00 [xpt_thrd] > The sysctl -a in the original initrandom sequence was part of the killer > for execution time. On a 180mhz arm chip that command alone takes like > 3 seconds, and it generates a lot of unchanging boilerplate text. I > remember picking a few select values that had a good chance of being > different from one run to the next. I've found that 'sysctl -a' can generate ~270K of output with very little of it differing between runs. I've checked the output across reboots at the point that 'initrandom' runs. I've found sysctl kern.cp_times kern.cp_time kern.geom kern.lastpid \ kern.timecounter kern.tty_nout kern.tty_nin vm vfs debug dev.cpu to concentrate the changes across reboots. However, I have not tested this on ARM or MIPS to ensure these MIB's exist. Just to double check, you're saying the 3 seconds was for 'sysctl -a > /dev/null' vs. feeding that amount of input into /dev/random? > Those commands still generated a fair amount of unchanging boilerplate > text, and it's mostly the numbers that change, so I fed all the output > through tr to strip out everything but the numbers. I would use "tr -Cd '0123456789xabcdef'" since many of the numbers are in hex, and would restrict to just the sysctl output. But otherwise I like this idea. Can you time some things on your ARM? 'sysctl -a' vs. my MIB list above? Also your shorter list? -- -- David (obrien@FreeBSD.org) _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"