Package: initscripts
Version: 2.86.ds1-61
Severity: normal
Tags: patch

Explain why we /write/ the seed at boot time. Upgrade comments by
removing question and inserting answer. Also document assumptions
about persistence of $SAVEDFILE.

This is #3 in a group of 5 patches for init.d/urandom.

-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i586)

Kernel: Linux 2.6.26.5 (PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
From 8591635867a34300c73ef9ead5fafa8002346788 Mon Sep 17 00:00:00 2001
From: John Denker <j...@av8n.com>
Date: Sat, 11 Sep 2010 09:56:08 -0700
Subject: [PATCH 3/5] Explain why we /write/ the seed at boot time. Upgrade comments by removing question and inserting answer. Also document assumptions about persistence of $SAVEDFILE

---
 urandom |   21 +++++++++++++++++++--
 1 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/urandom b/urandom
index 5172e7f..841534c 100755
--- a/urandom
+++ b/urandom
@@ -10,10 +10,19 @@
 #                    It is called from the boot, halt and reboot scripts.
 ### END INIT INFO
 
+## Assumption 1:  We assume $SAVEDFILE is a file (or a symlink
+## to a file) that resides on a non-volatile medium that persists
+## across reboots.
+## Case 1a: Ideally, it is readable and writeable.  Its is unshared,
+## i.e. its contents are unique to this machine.  It is protected so
+## that its contents are not known to attackers.
+## Case 1b: Less than ideally, it is read-only.  Its contents are
+## unique to this machine and not known to attackers.
+SAVEDFILE=/var/lib/urandom/random-seed
+
 [ -c /dev/urandom ] || exit 0
 
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
-SAVEDFILE=/var/lib/urandom/random-seed
 if ! POOLBYTES=$((
   ($(cat /proc/sys/kernel/random/poolsize 2>/dev/null) + 7) / 8
 )) ; then
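
Review bot: In the Case 1a comment, "Its is unshared" should read "It is unshared". The phrase "protected so that its contents are not known to attackers" also does not say what protection the script relies on; since both write paths further down run under `umask 077`, the comment could state that the file is expected to be readable only by its owner. Case 1b would benefit from one more sentence noting that a read-only seed is identical at every boot, which is the reuse that the comment added in the start branch warns against.
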
@@ -41,7 +50,13 @@ case "$1" in
 		cat "$SAVEDFILE" >/dev/urandom
 	fi
 	rm -f $SAVEDFILE
-	# Hm, why is the saved pool re-created at boot? [pere 2009-09-03]
+	# Write a new seed into $SAVEDFILE because re-using a seed
+	# compromises security.	 Each time we re-seed, we want the
+	# seed to be as different as possible.
+	# Write it now, in case the machine crashes without doing
+	# an orderly shutdown.
+	# The write will fail if $SAVEDFILE is read-only, but it
+	# doesn't hurt to try.
 	umask 077
 	dd if=/dev/urandom of=$SAVEDFILE bs=$POOLBYTES count=1 >/dev/null 2>&1
 	ES=$?
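
Review bot: The closing sentence of the new comment, "it doesn't hurt to try", does not account for the `rm -f $SAVEDFILE` directly above it: if the removal succeeds and the `dd` then fails, there is no seed file on disk until the stop branch runs, and a crash before then is exactly the case this comment is written for. Suggest either stating that outcome in the comment or writing the new seed to a temporary file and renaming it over $SAVEDFILE. The exit status of the `dd` is captured in ES, so the comment should also say whether a failed write in Case 1b is meant to be reported as an error. There is a stray tab after "security." in the second added line.
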
@@ -50,6 +65,8 @@ case "$1" in
 	;;
   stop)
 	# Carry a random seed from shut-down to start-up;
+        # Write it on shutdown, in case the one written at startup
+        # has been lost, snooped, or otherwise compromised.
 	# see documentation in linux/drivers/char/random.c
 	[ "$VERBOSE" = no ] || log_action_begin_msg "Saving random seed"
 	umask 077
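
Review bot: The two added comment lines in the stop branch are indented with eight spaces, while the lines immediately before and after them use a tab; indent them with a tab to match the rest of the script. They also split the existing sentence "Carry a random seed from shut-down to start-up; see documentation in linux/drivers/char/random.c" in the middle, so consider placing the new text after the "see documentation" line.
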
-- 
1.7.0.4
