Re: Netscape problems (again)...

Frank Stuart (fstuart@vetmed.auburn.edu)
Wed, 11 Oct 1995 11:30:07 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Janis Lacis: "Sendmail 8.6.12 hole & smrsh"
Previous message: Bernd Lehle: "s-bits disappear ?"
Maybe in reply to: Jay 'Whip' Grizzard: "Netscape problems (again)..."

>I'm suprised someone else hasn't noticed this one.
>
>On the Netscape 1.12 and 2.0 info pages, it talks about how the RNG has
>been much improved. Among other things, it mentions that the truly
>paranoid can add stuff to their environment before starting Netscape, and
>since it uses the environment to help seed the RNG, this will improve
>security.
>
>On SunOS, at least, you can see the complete environment of ANY program
>running on the system... I use: ps -auxgwwwe
>
>Granted, that's not damning in itself, but it doesn't help much...

As I understand it, the environment variable in question is the name of
a file containing "random" data rather than the "random" data itself.  So,
as long as no one else has read permission, or the environment variable is
set to an appropriate "/dev/random", this shouldn't help an attacker.


                          | (Douglas) Hofstadter's Law:
Frank Stuart              | It always takes longer than you expect, even
fstuart@vetmed.auburn.edu | when you take into account Hofstadter's Law.

Next message: Janis Lacis: "Sendmail 8.6.12 hole & smrsh"
Previous message: Bernd Lehle: "s-bits disappear ?"
Maybe in reply to: Jay 'Whip' Grizzard: "Netscape problems (again)..."