On 26 Dec 2013, at 00:50, RW <[email protected]> wrote: > On Wed, 25 Dec 2013 22:24:27 +0100 > Pawel Jakub Dawidek wrote: > > >> We could do the same for save-entropy. It would be even nicer to have >> some flag so that even sysctl(8) is not executed. > > The only security consideration here is that a bug in that conditional > test might prevent entropy being saved. The benefit is saving a few KBs > of disk space and a few cpu cycles a few times an hour. Tiny risk, even > tinier benefit IMO.
Yes. It would be more work but nicer if these scripts could be somehow marked “not for jail use” and then dealt with by the boot process. Hmm. It looks like rcorder(8) may already know about a ‘nojail’ attribute. I think using that would be best. M -- Mark R V Murray
signature.asc
Description: Message signed with OpenPGP using GPGMail
