>>>>> "Russ" == Russ Allbery <[EMAIL PROTECTED]> writes:
Russ> Ah, okay, thank you for the information. I didn't realize
Russ> that that flag did the equivalent of setting the file
Russ> descriptor non-blocking; I thought it only affected the open
Russ> itself. That's a good thing to learn.
Russ> That being said, I don't think this is really the best fix.
Russ> I'm not at all confident in the security implications of
Russ> allowing kadmind to proceed with insufficient entropy.
Russ> Instead, it seems to me that the correct fix would be for
Russ> kadmind to background itself before going looking for
Russ> entropy rather than afterwards. That kadmind waits for good
Russ> entropy before answering requests isn't actually a bug; the
Russ> real bug is that it blocks the system boot process while
Russ> doing so.
I agree with Russ's analysis; having kadmind answer requests without
entropy would be bad.
--Sam
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
