Bugtraq mailing list archives
Re: Netscape problems (again)...
From: fstuart () vetmed auburn edu (Frank Stuart)
Date: Wed, 11 Oct 1995 11:30:07 -0500
I'm suprised someone else hasn't noticed this one. On the Netscape 1.12 and 2.0 info pages, it talks about how the RNG has been much improved. Among other things, it mentions that the truly paranoid can add stuff to their environment before starting Netscape, and since it uses the environment to help seed the RNG, this will improve security. On SunOS, at least, you can see the complete environment of ANY program running on the system... I use: ps -auxgwwwe Granted, that's not damning in itself, but it doesn't help much...
As I understand it, the environment variable in question is the name of a file containing "random" data rather than the "random" data itself. So, as long as no one else has read permission, or the environment variable is set to an appropriate "/dev/random", this shouldn't help an attacker. | (Douglas) Hofstadter's Law: Frank Stuart | It always takes longer than you expect, even fstuart () vetmed auburn edu | when you take into account Hofstadter's Law.
Current thread:
- Re: Netscape problems (again)... Frank Stuart (Oct 11)