gpg avc
Colin Walters
walters at redhat.com
Wed Apr 21 13:29:47 UTC 2004
On Wed, 2004-04-21 at 04:40, Russell Coker wrote:
> On Wed, 21 Apr 2004 12:49, Colin Walters <walters at redhat.com> wrote:
> > I presume by the way there's a reason access to random_device_t was
> > originally denied - it prevents users from draining your good entropy by
> > generating a ton of keys. On the other hand, if you have GPG installed
>
> Actually when I gave different types to /dev/random and /dev/urandom we just
> sorted out which access each program seemed to need. At the time GPG didn't
> seem to want /dev/random access. If it wants it then it should get it.

I think it only uses /dev/random when generating keys.

> It seems that every desktop, laptop, and PDA shipped in the last few years has
> sound hardware. The microphone that's built into many machines can be used
> as a source of entropy, and even an unconnected line-in if sampled at 16-bit
> will do reasonably well. There is already policy
> for /usr/sbin/audio-entropyd to use this, if we get this packaged then maybe
> it would be the best solution to the problem?

That does sound like a cool idea. You can really get data even if
there's no microphone connected?