On 09/21/2012 12:09 AM, Pawel Jakub Dawidek wrote:
> On Thu, Sep 20, 2012 at 11:08:15PM -0700, David O'Brien wrote:
>> On Fri, Sep 21, 2012 at 07:35:49AM +0200, Pawel Jakub Dawidek wrote:
>>> Note that adding sysctl to turn off entropy harvesting from
>>> device_attach() is pretty useless, as sysctls can be changed once we
>>> start userland and then all device_attach() are already called (modulo
>>> drivers loaded later).

Devices can be added at any time in the life of the system via USB, and other interfaces.

>> That is what I had in mind -- .ko drivers loaded post 'initrandom'.
>>
>> The same could be said for kern.random.sys.harvest.interrupt.
>> By the time kern.random.sys.harvest.interrupt can be turned off,
>> my test system has already processed 784 'origin interrupt' queue
>> entries and went from kern.random.sys.seeded=0->1.
>
> Yes, this is exactly why I'd like to see corresponding tunable for all
> those sysctls.

Agreed.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"