[ROS] The perils of security tools
Ben Laurie
ben at links.org
Wed May 14 05:24:08 EDT 2008
Peter Gutmann wrote:
> Ben Laurie <ben at links.org> writes:
>
>> I must confess that I said that because I did not have the energy to figure
>> out the other routes to adding entropy, such as adding an int (e.g. a PID,
>> which I'm told still makes it in there).
>
> So just to clarify, does the Debian patch only remove the ability to add
> uninitialised memory (which will be all-zeroes anyway on an OS with proper
> resource controls) or does it remove the ability to add any entropy at all?
> The advisory makes it sound like it's the latter.
Indeed, it is the latter.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list