Buildroot Archive on lore.kernel.org
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] system/permissions: /etc/random-seed must be mode 600
Date: Thu, 20 Nov 2014 18:58:23 -0300
Message-ID: <546E63FF.5070503@zacarias.com.ar>
In-Reply-To: <1690999.xJl8MaTsPY@sagittea>

On 11/20/2014 06:27 PM, Jérôme Pouiller wrote:
> Just curiosity, does it make sense to provide a random seed? I mean, it is not 
> very random, is it?

I have another patch that creates random-seed at build-time that I'm
testing.
That's not too good either since it's fixed "per firmware image" so to
speak, but at least it's better than an easily downloadable fixed seed
from many mirrors :)
The problem with mode 744 (currently) is that anyone can read the seed,
which as we know is fixed for now, but they can also read the evolved
seed too _IF_ the box/device shuts down properly.
I guess it's time to write some best practices documentation, in this
aspect we can't cover for all the varying possibilities I'm afraid.
Ideally a separate partition/eeprom would contain the seed so as to make
it unique to each device and firmware-independent.
And no, using the device MAC address/serial number for this isn't that
good :)
Regards.
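
Added example, not part of the original message or of the Buildroot tree: a shell sketch of the seed handling discussed above, checking that a seed file grants nothing to group or other and rewriting it owner-only. The function names, the `SEED_BYTES` size and the reliance on `stat -c` (GNU coreutils or BusyBox) are assumptions.

```shell
#!/bin/sh
# Added example (assumed names; not Buildroot's own init script).
SEED_BYTES=512   # assumed seed size in bytes

# Return 0 only if FILE exists and has no group/other permission bits.
# A mode such as 744 fails; 600 or 400 passes. Returns 2 if stat fails.
seed_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    # Prefix 0 so the shell reads the mode as octal, then mask group/other.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Write a fresh seed to FILE. The temporary file is created under umask 077
# so it is never readable by others, then renamed over the old seed, which
# also discards whatever looser mode the old file had.
save_seed() {
    seed=$1
    tmp="$seed.tmp.$$"
    rm -f "$tmp"
    (
        umask 077
        dd if=/dev/urandom of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null
    ) || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv -f "$tmp" "$seed"
}

# Boot-time step: feed the stored seed to POOL (normally /dev/urandom),
# then replace it at once, so the same bytes are not reused after an
# unclean shutdown that never reaches the save step.
load_seed() {
    seed=$1
    pool=${2:-/dev/urandom}
    [ -r "$seed" ] && cat "$seed" > "$pool"
    save_seed "$seed"
}
```
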

Thread overview: 5+ messages
2014-11-20 21:08 [Buildroot] [PATCH] system/permissions: /etc/random-seed must be mode 600 Gustavo Zacarias
2014-11-20 21:27 ` Jérôme Pouiller
2014-11-20 21:29   ` Peter Korsgaard
2014-11-20 21:58   ` Gustavo Zacarias [this message]
2014-11-25 21:38 ` Peter Korsgaard
