On Wed, 30 Jun 2010, Michael Biebl wrote:
> the latest upload of the initscripts package broke the urandom sysv init
> script.
> It uses find in line 39, which lives in /usr/bin.

Using anything on /usr is a bad idea on that script. urandom is not something that should start late, it reseeds the main random pool. This pool is extremely critical for the security of any early key generation (e.g. encrypted swap with ephemeral key), session IV generation (pretty much everything that has any crypto in it), etc. In fact, it should run as soon as /dev/urandom and /etc are available.

If the random seed is moved somewhere else by the local admin, it is up to him to deal with the problem should that seedfile not be available at early boot.

IMO, the script needs to be changed to depend on "ls" only. Drop the use of "find". And have it depend only on udev.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
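
The concern raised in this message (an early-boot script calling a tool that only exists under /usr) can be checked mechanically. The following is an added example, not part of the original message or of the Debian initscripts package: a heuristic lint that lists words in a script that resolve to an executable under /usr/bin or /usr/sbin but not under /bin or /sbin. The function names `is_exec`, `usr_deps` and `demo`, and the sample script inside `demo`, are constructed for illustration.

```shell
#!/bin/sh
# is_exec PATH: true when PATH is a regular, executable file.
is_exec() { [ -f "$1" ] && [ -x "$1" ]; }

# usr_deps ROOT SCRIPT
# Heuristic: strip comments, split SCRIPT into word-like tokens, and print
# every token that names an executable found only below ROOT/usr.
# ROOT is "" for the live system or a directory holding an unpacked image.
usr_deps() {
    _root=$1
    sed -e 's/#.*//' "$2" | tr -cs 'A-Za-z0-9_.+-' '\n' | sort -u |
    while read -r word; do
        if is_exec "$_root/bin/$word" || is_exec "$_root/sbin/$word"; then
            continue    # available before /usr is mounted
        fi
        if is_exec "$_root/usr/bin/$word" || is_exec "$_root/usr/sbin/$word"; then
            printf '%s\n' "$word"
        fi
    done
}

# demo: build a constructed root tree (ls and cat in /bin, find only in
# /usr/bin) plus a constructed sample script, then run the lint on it.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/bin" "$tmp/usr/bin"
    for f in bin/ls bin/cat usr/bin/find; do
        : > "$tmp/$f"
        chmod +x "$tmp/$f"
    done
    cat > "$tmp/sample-init.sh" <<'EOF'
# constructed sample, NOT the Debian urandom script
if [ -n "$(find "$SAVEDFILE" -size +0)" ]; then
    cat "$SAVEDFILE" > /dev/urandom
fi
ls -l "$SAVEDFILE"
EOF
    usr_deps "$tmp" "$tmp/sample-init.sh"
    rm -rf "$tmp"
}
```

Running `demo` prints `find`. On a system where /bin is a symlink to /usr/bin, every tool resolves through /bin and nothing is reported.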