From: Robert Love <rml@tech9.net>
To: Bill Davidsen <davidsen@tmr.com>
Cc: Roland Dreier <roland@topspincom.com>, linux-kernel@vger.kernel.org
Subject: Re: Continuing /dev/random problems with 2.4
Date: 05 Feb 2002 18:17:26 -0500 [thread overview]
Message-ID: <1012951046.1064.123.camel@phantasy> (raw)
In-Reply-To: <Pine.LNX.3.96.1020205175725.3562A-100000@gatekeeper.tmr.com>
In-Reply-To: <Pine.LNX.3.96.1020205175725.3562A-100000@gatekeeper.tmr.com>
On Tue, 2002-02-05 at 18:02, Bill Davidsen wrote:
> You seem to equate root space with user space, which is a kernel way of
> looking at things, particularly if you haven't been noting all the various
> hacker attacks lately. Just because it is possible to run in user space
> doesn't mean it's desirable to do so, and many sites don't really want
> things running as root so they can feed other things to the kernel.
>
> The assumption that power users will know how to fix it and other users
> won't notice they have no entropy isn't all that appealing to me, I want
> Linux to be as easy to do right as the competition.
It is certainly desirable to run as much as feasibly possible in
userspace. The only exception of things that could be handled in
userspace but are allowed to live in kernel space would be performance
critical and stable items (say, TCP/IP).
No one said the rngd has to run as root. For example, run it as nobody
in a random group and give /dev/random write privileges to the random
group.
If userspace equates to insecure, and we stick things in the kernel for
that reason, we are beyond help ...
Robert Love
next prev parent reply other threads:[~2002-02-05 23:18 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-02-01 9:17 Continuing /dev/random problems with 2.4 Ken Brownfield
2002-02-01 16:36 ` Andreas Dilger
2002-02-01 17:00 ` Ken Brownfield
2002-02-01 16:53 ` Robert Love
2002-02-01 17:01 ` Ken Brownfield
2002-02-04 9:28 ` Sean Hunter
2002-02-01 18:40 ` H. Peter Anvin
2002-02-01 19:38 ` Ken Brownfield
2002-02-01 19:50 ` Robert Love
2002-02-01 19:52 ` Ken Brownfield
2002-02-01 19:57 ` Andreas Dilger
2002-02-01 20:22 ` Ken Brownfield
2002-02-01 19:43 ` Andreas Dilger
2002-02-01 20:12 ` H. Peter Anvin
2002-02-01 20:28 ` Jeff Garzik
2002-02-02 1:33 ` David Wagner
2002-02-02 8:01 ` Jeff Garzik
2002-02-02 8:54 ` Kai Henningsen
2002-02-02 11:13 ` Andreas Dilger
2002-02-04 22:13 ` Bill Davidsen
2002-02-04 22:37 ` Roland Dreier
2002-02-04 22:45 ` Robert Love
2002-02-05 23:02 ` Bill Davidsen
2002-02-05 23:17 ` Robert Love [this message]
2002-02-06 16:16 ` Bill Davidsen
2002-02-06 16:31 ` Need a clew WRT fig2dev Kirk Reiser
2002-02-06 16:42 ` Adrian Bunk
2002-02-06 20:40 ` Jeff Garzik
2002-02-09 19:45 ` Continuing /dev/random problems with 2.4 Nix N. Nix
2002-02-03 12:51 ` Henning P. Schmiedehausen
2002-02-01 20:23 ` Peter Monta
2002-02-01 20:27 ` H. Peter Anvin
2002-02-01 20:36 ` Jeff Garzik
2002-02-01 20:33 ` Jeff Garzik
2002-02-01 20:40 ` H. Peter Anvin
2002-02-01 20:54 ` Jeff Garzik
2002-02-01 20:56 ` Peter Monta
2002-02-01 22:54 ` H. Peter Anvin
2002-02-01 23:27 ` Peter Monta
2002-02-02 1:50 ` H. Peter Anvin
2002-02-02 2:05 ` David Wagner
2002-02-02 3:30 ` Peter Monta
2002-02-02 21:02 ` Martin Dalecki
-- strict thread matches above, loose matches on Subject: below --
2002-02-04 21:53 Ishan O. Jayawardena
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1012951046.1064.123.camel@phantasy \
--to=rml@tech9.net \
--cc=davidsen@tmr.com \
--cc=linux-kernel@vger.kernel.org \
--cc=roland@topspincom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox