dcb9c59cc2
Fix bsnmpd remote denial of service vulnerability. [SA-14:01] Fix ntpd distributed reflection Denial of Service vulnerability. [SA-14:02] Fix OpenSSL multiple vulnerabilities. [SA-14:03] Fix BIND remote denial of service vulnerability. [SA-14:04] Disable hardware RNGs by default. [EN-14:01] Fix incorrect coalescing of stack entry with mmap. [EN-14:02]
27 lines
792 B
Diff
27 lines
792 B
Diff
Index: sys/dev/random/probe.c
|
|
===================================================================
|
|
--- sys/dev/random/probe.c (revision 260523)
|
|
+++ sys/dev/random/probe.c (working copy)
|
|
@@ -30,6 +30,8 @@ __FBSDID("$FreeBSD$");
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/param.h>
|
|
+#include <sys/systm.h>
|
|
+#include <sys/kernel.h>
|
|
#include <sys/malloc.h>
|
|
#include <sys/random.h>
|
|
#include <sys/selinfo.h>
|
|
@@ -57,7 +59,12 @@ random_ident_hardware(struct random_systat *systat
|
|
/* Then go looking for hardware */
|
|
#if defined(__amd64__) || (defined(__i386__) && !defined(PC98))
|
|
if (via_feature_rng & VIA_HAS_RNG) {
|
|
- *systat = random_nehemiah;
|
|
+ int enable;
|
|
+
|
|
+ enable = 0;
|
|
+ TUNABLE_INT_FETCH("hw.nehemiah_rng_enable", &enable);
|
|
+ if (enable)
|
|
+ *systat = random_nehemiah;
|
|
}
|
|
#endif
|
|
}
|