Re: Netscape problems (again)...

[fstuart () vetmed auburn edu (Frank Stuart)]

> I'm suprised someone else hasn't noticed this one.
>
> On the Netscape 1.12 and 2.0 info pages, it talks about how the RNG has
> been much improved. Among other things, it mentions that the truly
> paranoid can add stuff to their environment before starting Netscape, and
> since it uses the environment to help seed the RNG, this will improve
> security.
>
> On SunOS, at least, you can see the complete environment of ANY program
> running on the system... I use: ps -auxgwwwe
>
> Granted, that's not damning in itself, but it doesn't help much...

As I understand it, the environment variable in question is the name of
a file containing "random" data rather than the "random" data itself.  So,
as long as no one else has read permission, or the environment variable is
set to an appropriate "/dev/random", this shouldn't help an attacker.


                          | (Douglas) Hofstadter's Law:
Frank Stuart              | It always takes longer than you expect, even
fstuart () vetmed auburn edu | when you take into account Hofstadter's Law.