openssh / prngd unresolved bug since 2002, need help

Knox, Bill wknox at mitre.org
Sat Jul 12 13:15:44 EST 2008


The Solaris 8 patch is 112438 - I don't know what rev it is up to at
this point. The patch says it requires a reboot, but I came across the
following instructions years ago to do it without a reboot (sorry, no
attribution available - some person brighter than me):

In order to add patch 112438 to the systems without requiring a reboot,
perform the following steps:

# patchadd 112438-*
(The patch addition information should appear)
# rm /reconfigure
# rem_drv random
(Ignore any errors returned)
# add_drv -m '* 0644 root sys' random

Good luck, and sorry everyone else for the somewhat off topic post.

                          Bill Knox
                          Lead Infosec Engineer/Scientist
                          The MITRE Corporation

-----Original Message-----
From: openssh-unix-dev-bounces+wknox=mitre.org at mindrot.org
[mailto:openssh-unix-dev-bounces+wknox=mitre.org at mindrot.org] On Behalf
Of David Beecher
Sent: Friday, July 11, 2008 9:36 PM
To: Ben Lindstrom; David Beecher; openssh-unix-dev at mindrot.org
Subject: Re: openssh / prngd unresolved bug since 2002, need help

Hello Jim,

Thank you very much.  I am aware of the random number generator on
sunos
5.9.  Finally they included one.  Unfortunately this install is sunos
5.8
and not easily changeable at this point.

I was not aware that patches for sunos 5.8 existed that would add
urandom
and when I saw the package on sunfreeware that used prngd I assumed
none
existed and prngd was required.

I will look for them and report back here what I find.

Thanks a lot!
David



Jim Knoble wrote:
> Circa 2008-07-11 15:57 dixit Ben Lindstrom:
>
> : If you are on Solaris 9.. You should have a /dev/[u]random and you
> : shouldn't need prngd (or am I thinking Solaris 10?).
>
> Solaris 9 should have /dev/random and /dev/urandom already.  Solaris
8
> has patches which provide it.
>
> --
> jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
> (GnuPG key ID: 6F39C2CC  >>>>>>  http://www.pobox.com/~jmknoble/keys/
)
> (GnuPG fingerprint:
5024:D578:7CF4:5660:7269::F6F3:B919:9307:6F39:C2CC)
>
+----------------------------------------------------------------------
+
> |[L]iberty, as we all know, cannot flourish in a country that is
perma-|
> | nently on a war footing, or even a near-war footing.  --Aldous
Huxley|
>
+----------------------------------------------------------------------
+
>


-- 
David Beecher, Executive Vice President and Chief Technical Officer
Digital Messaging Solutions, Inc.
678-446-3050 voice
http://www.dmsgs.com

This e-mail may contain data that is confidential, proprietary or
"non-public
personal information," as that term is defined in the
Gramm-Leach-Bliley Act
(collectively, "Confidential Information"). The Confidential
Information is
disclosed conditioned upon your agreement that you will treat it
confidentially and in accordance with applicable law, ensure that such
data
isn't used or disclosed except for the limited purpose for which it's
being
provided and will notify and cooperate with us regarding any requested
or
unauthorized disclosure or use of any Confidential Information. By
accepting
and reviewing the Confidential Information you agree to indemnify us
against
any losses or expenses, including attorney's fees that we may incur as
a
result of any unauthorized use or disclosure of this data due to your
acts or
omissions. If a party other than the intended recipient receives this
e-mail,
you are requested to instantly notify us of the erroneous delivery and
return
to us all data so delivered.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


More information about the openssh-unix-dev mailing list