Re: /dev/random as (chrooted) named's entropy source [current]

2008-04-04 Thread Jan Stary
> Trying to give named its own random-source, I stopped named, did
> 
> # cd /var/named/dev/
> # /dev/MAKEDEV arandom
> # ls -l
> total 0
> crw-r--r--  1 root  wheel   45,   4 Apr  3 14:16 arandom
> srw-rw-rw-  1 root  wheel         0 Apr  3 13:51 log
> crw-r--r--  1 root  wheel   45,   3 Apr  3 14:16 prandom
> crw-r--r--  1 root  wheel   45,   0 Apr  3 14:16 random
> crw-r--r--  1 root  wheel   45,   1 Apr  3 14:16 srandom
> crw-r--r--  1 root  wheel   45,   2 Apr  3 14:16 urandom
> 
> and started named again. Now the log says
> 
> named[25688]: /usr/src/usr.sbin/bind/lib/isc/unix/errno2result.c:111: unexpected error:
> named[25688]: unable to convert errno to isc_result: 6: Device not configured
> named[25688]: could not open entropy source /dev/arandom: unexpected error
> named[25688]: using pre-chroot entropy source /dev/arandom
> 
> So why is /var/named/dev/arandom not configured? Is there something
> that needs to be done besides MAKEDEV?
> 
> Is /var marked 'nodev' in /etc/fstab?

Yes it was (I knew it would break something).

Thanks

Jan



/dev/random as (chrooted) named's entropy source [current]

2008-04-03 Thread Jan Stary
Hi list,

I wonder how exactly the /dev/random of (chrooted) named works.
If I just start named with named_flags=, the log says

named[9291]: could not open entropy source /dev/arandom: file not found
named[9291]: using pre-chroot entropy source /dev/arandom

(But named runs just fine beside that.)

Now, named is chrooted into /var/named, and there is no
/var/named/dev/arandom indeed. According to
usr/share/doc/html/bind/Bv9ARM.ch06.html#options, which says

random-device
[...] If not specified, the default value is /dev/random
(or equivalent) when present, and none otherwise. 

I assume that at that point named does not use any in-kernel
random source (which is OK). But it is not so -

# fstat /dev/arandom
USER     CMD          PID   FD MOUNT        INUM MODE         R/W    SZ|DV NAME
named    named      19568    6 /            5386 crw-r--r--     r  arandom /dev/arandom

- named uses the out-of-chroot /dev/arandom.

It seems that the documentation is a bit misleading there: if the
(chrooted) /dev/arandom (an equivalent of /dev/random I suppose)
is not there, it uses the (non-chrooted) /dev/arandom (and not 'none').
(Or perhaps I just misinterpreted this.)

What bothers me more is: does that mean that named is _not_ chrooted
now? Because if it were chrooted, how could it 'see' the 'real'
/dev/arandom?

Note that 19568 is the pid of the 'child' named (which runs as the
named user):

|-+= 18849 root named: [priv] (named)
| \--- 19568 named named


Trying to give named its own random-source, I stopped named, did

# cd /var/named/dev/   
# /dev/MAKEDEV arandom 
# ls -l
total 0
crw-r--r--  1 root  wheel   45,   4 Apr  3 14:16 arandom
srw-rw-rw-  1 root  wheel         0 Apr  3 13:51 log
crw-r--r--  1 root  wheel   45,   3 Apr  3 14:16 prandom
crw-r--r--  1 root  wheel   45,   0 Apr  3 14:16 random
crw-r--r--  1 root  wheel   45,   1 Apr  3 14:16 srandom
crw-r--r--  1 root  wheel   45,   2 Apr  3 14:16 urandom

and started named again. Now the log says

named[25688]: /usr/src/usr.sbin/bind/lib/isc/unix/errno2result.c:111: unexpected error:
named[25688]: unable to convert errno to isc_result: 6: Device not configured
named[25688]: could not open entropy source /dev/arandom: unexpected error
named[25688]: using pre-chroot entropy source /dev/arandom

So why is /var/named/dev/arandom not configured? Is there something
that needs to be done besides MAKEDEV?

Thanks a lot

Jan



OpenBSD 4.3-current (GENERIC) #0: Mon Mar 17 16:21:09 CET 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 432 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 133791744 (127MB)
avail mem = 121327616 (115MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/10/07, BIOS32 rev. 0 @ 0xfceb2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x31
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10, address 00:0d:b9:12:9f:2c
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 00:0d:b9:12:9f:2d
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 12, address 00:0d:b9:12:9f:2e
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 0, 32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: CF CARD 4GB
wd0: 1-sector PIO, LBA, 3871MB, 7928928 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 15, version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1

Re: /dev/random as (chrooted) named's entropy source [current]

2008-04-03 Thread Darrin Chandler
On Thu, Apr 03, 2008 at 02:26:26PM +0200, Jan Stary wrote:
> named[9291]: could not open entropy source /dev/arandom: file not found
> named[9291]: using pre-chroot entropy source /dev/arandom

The above logs say to me "can't do this, so doing this instead".

Since it's using the pre-chroot /dev/arandom, it has a good random
source and everything is fine there.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: /dev/random as (chrooted) named's entropy source [current]

2008-04-03 Thread Dave Anderson
On Thu, 3 Apr 2008, Jan Stary wrote:

> Trying to give named its own random-source, I stopped named, did
> 
> # cd /var/named/dev/
> # /dev/MAKEDEV arandom
> # ls -l
> total 0
> crw-r--r--  1 root  wheel   45,   4 Apr  3 14:16 arandom
> srw-rw-rw-  1 root  wheel         0 Apr  3 13:51 log
> crw-r--r--  1 root  wheel   45,   3 Apr  3 14:16 prandom
> crw-r--r--  1 root  wheel   45,   0 Apr  3 14:16 random
> crw-r--r--  1 root  wheel   45,   1 Apr  3 14:16 srandom
> crw-r--r--  1 root  wheel   45,   2 Apr  3 14:16 urandom
> 
> and started named again. Now the log says
> 
> named[25688]: /usr/src/usr.sbin/bind/lib/isc/unix/errno2result.c:111: unexpected error:
> named[25688]: unable to convert errno to isc_result: 6: Device not configured
> named[25688]: could not open entropy source /dev/arandom: unexpected error
> named[25688]: using pre-chroot entropy source /dev/arandom
> 
> So why is /var/named/dev/arandom not configured? Is there something
> that needs to be done besides MAKEDEV?

Is /var marked 'nodev' in /etc/fstab?

Dave

-- 
Dave Anderson
[EMAIL PROTECTED]



Re: /dev/random as (chrooted) named's entropy source [current]

2008-04-03 Thread Jan Stary
> > > > named[9291]: could not open entropy source /dev/arandom: file not found
> > > > named[9291]: using pre-chroot entropy source /dev/arandom
> > > 
> > > The above logs say to me "can't do this, so doing this instead".
> > > 
> > > Since it's using the pre-chroot /dev/arandom, it has a good random
> > > source and everything is fine there.
> > 
> > Yes, but is named still chrooted under /var/named after doing this?
> > Because if it is, how can it use /dev/arandom?
> 
> Once a file has been opened it is still available after chroot. Any new
> accesses are limited by chroot. It's like a suid program opening files
> or binding to a port < 1024 and then dropping privileges, in a way.

Obviously, this is what I needed to know.

Thanks!

Jan
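The point made in the reply quoted above (a descriptor opened before chroot(2) keeps working, only new path lookups are confined to the jail), as an added C example that is not code from the thread or from BIND: it opens /dev/urandom (a stand-in for OpenBSD's /dev/arandom), chroots into an empty directory created with mkdtemp, and shows that a fresh open() of the device now fails while the pre-chroot descriptor still delivers bytes. chroot(2) needs root; without it the program reports that instead of failing.

```c
#define _DEFAULT_SOURCE                 /* glibc: declare chroot(2) and mkdtemp(3) */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Constructed stand-in for the thread's /dev/arandom, which is OpenBSD-specific. */
#define ENTROPY_DEV "/dev/urandom"
/* Open the entropy device by path; returns the descriptor or -1. */
int open_entropy(void) { return open(ENTROPY_DEV, O_RDONLY); }

/* Fill buf with n bytes from an already-open descriptor; n on success, -1 on failure. */
ssize_t read_entropy(int fd, unsigned char *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return (ssize_t)got;
}

/* 0: the pre-chroot descriptor still reads while a fresh open() inside the jail fails;
 * 2: chroot(2) refused (EPERM without root); 1: anything else. Caller stays chrooted. */
int demo(const char *jail)
{
    unsigned char buf[16];
    int pre = open_entropy();               /* the "pre-chroot entropy source" */
    if (pre < 0) return 1;
    if (chroot(jail) != 0 || chdir("/") != 0) { close(pre); return 2; }
    /* New path lookups are now confined to the jail, which has no /dev at all. */
    int post = open(ENTROPY_DEV, O_RDONLY);
    if (post >= 0) { close(post); close(pre); return 1; }
    int lookup_blocked = (errno == ENOENT);
    /* ...but the descriptor obtained before chroot(2) still delivers bytes. */
    int still_readable = read_entropy(pre, buf, sizeof buf) == (ssize_t)sizeof buf;
    close(pre);
    return (lookup_blocked && still_readable) ? 0 : 1;
}

int main(void)
{
    char tmpl[] = "/tmp/jail.XXXXXX";      /* constructed, empty jail directory */
    int rc = mkdtemp(tmpl) ? demo(tmpl) : 1;
    puts(rc == 0 ? "pre-chroot fd still readable; fresh open() blocked"
       : rc == 2 ? "chroot(2) refused; run as root to see the effect" : "unexpected failure");
    return rc;
}
```

This is exactly the situation in the thread: the "pre-chroot entropy source" line means named kept the descriptor it opened before chrooting, which is why fstat shows the child reading the real /dev/arandom while still confined to /var/named for everything else.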