[Opendnssec-user] ods-signerd calling vmstat?!?

Paul Wouters paul at nohats.ca
Fri Aug 30 15:44:12 UTC 2013


On Fri, 30 Aug 2013, Jarle Greipsland wrote:

>> Why does ods-signerd need to call vmstat?  If it absolutely must,
>> it really should point FD 2 somewhere sensible.

> It is probably called from the Botan library, that is again used
> by the SoftHSM.  vmstat is one of the programs potentially used
> by Botan to gather entropy.

Wow, that is pretty epic - in a bad way... Am I really trusting OpenDNSSEC
to generate RSA keys with the below code for entropy? Filenames in /tmp?

Paul

/**
* Default Commands for Entropy Gathering
*/
std::vector<Unix_Program> Unix_EntropySource::get_default_sources()
    {
    std::vector<Unix_Program> srcs;

    srcs.push_back(Unix_Program("netstat -in",           1));
    srcs.push_back(Unix_Program("pfstat",                1));
    srcs.push_back(Unix_Program("vmstat -s",             1));
    srcs.push_back(Unix_Program("vmstat",                1));

    srcs.push_back(Unix_Program("arp -a -n",             2));
    srcs.push_back(Unix_Program("ifconfig -a",           2));
    srcs.push_back(Unix_Program("iostat",                2));
    srcs.push_back(Unix_Program("ipcs -a",               2));
    srcs.push_back(Unix_Program("mpstat",                2));
    srcs.push_back(Unix_Program("netstat -an",           2));
    srcs.push_back(Unix_Program("netstat -s",            2));
    srcs.push_back(Unix_Program("nfsstat",               2));
    srcs.push_back(Unix_Program("portstat",              2));
    srcs.push_back(Unix_Program("procinfo -a",           2));
    srcs.push_back(Unix_Program("pstat -T",              2));
    srcs.push_back(Unix_Program("pstat -s",              2));
    srcs.push_back(Unix_Program("uname -a",              2));
    srcs.push_back(Unix_Program("uptime",                2));
    srcs.push_back(Unix_Program("listarea",              3));
    srcs.push_back(Unix_Program("listdev",               3));
    srcs.push_back(Unix_Program("ps -A",                 3));
    srcs.push_back(Unix_Program("sysinfo",               3));

    srcs.push_back(Unix_Program("finger",                4));
    srcs.push_back(Unix_Program("mailstats",             4));
    srcs.push_back(Unix_Program("rpcinfo -p localhost",  4));
    srcs.push_back(Unix_Program("who",                   4));

    srcs.push_back(Unix_Program("df -l",                 4));
    srcs.push_back(Unix_Program("dmesg",                 4));
    srcs.push_back(Unix_Program("last -5",               4));
    srcs.push_back(Unix_Program("ls -alni /proc",        4));
    srcs.push_back(Unix_Program("ls -alni /tmp",         4));
    srcs.push_back(Unix_Program("pstat -f",              4));

    srcs.push_back(Unix_Program("ps -elf",               5));
    srcs.push_back(Unix_Program("ps aux",                5));

    srcs.push_back(Unix_Program("lsof -n",               6));
    srcs.push_back(Unix_Program("sar -A",                6));
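
Added example, not part of the original post and not Botan or OpenDNSSEC code: a check an operator could run over `ps -eo pid,ppid,args` output to see whether the signer is spawning commands from the list quoted above. The process snapshot, the daemon path and the `sh -c` wrapper are constructed for illustration.

```python
# Added example: flag entropy-polling helpers running beneath a signer daemon.
# Input is `ps -eo pid,ppid,args` text; the snapshot below is constructed.
# Subset of the default command list quoted in the post above.
POLL_COMMANDS = {
    "netstat -in", "vmstat -s", "vmstat", "arp -a -n", "ifconfig -a",
    "iostat", "ipcs -a", "netstat -an", "netstat -s", "uname -a", "uptime",
    "ps -A", "who", "df -l", "dmesg", "last -5", "ls -alni /proc",
    "ls -alni /tmp", "ps -elf", "ps aux", "lsof -n", "sar -A",
}

SAMPLE_PS = """\
  PID  PPID COMMAND
    1     0 /sbin/init
  812     1 /usr/sbin/ods-signerd
 4021   812 vmstat -s
 4022   812 sh -c ls -alni /tmp
 4023  4022 ls -alni /tmp
 4100     1 -bash
 4150  4100 vmstat
"""

def parse_ps(text):
    """Return {pid: (ppid, args)} from `ps -eo pid,ppid,args` output."""
    procs = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 2)
        if len(fields) == 3 and fields[0].isdigit() and fields[1].isdigit():
            procs[int(fields[0])] = (int(fields[1]), fields[2].strip())
    return procs

def has_ancestor(procs, pid, daemon):
    """True if any ancestor's executable basename equals `daemon`."""
    seen = set()
    while pid in procs and pid not in seen:     # guard against ppid loops
        seen.add(pid)
        pid = procs[pid][0]                     # step up to the parent
        if pid in procs and procs[pid][1].split()[0].rsplit("/", 1)[-1] == daemon:
            return True
    return False

def entropy_helpers(text, daemon="ods-signerd"):
    """List (pid, args) of poll commands running beneath `daemon`."""
    procs = parse_ps(text)
    return sorted((pid, args) for pid, (_, args) in procs.items()
                  if args in POLL_COMMANDS and has_ancestor(procs, pid, daemon))

if __name__ == "__main__":
    for pid, args in entropy_helpers(SAMPLE_PS):
        print(f"pid {pid}: {args!r} is running beneath ods-signerd")
```

The `vmstat` started from the interactive shell is not reported, because only descendants of the named daemon are matched.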



