subject:"Should random.seed on shutdown be saved a little later\?"

Re: Should random.seed on shutdown be saved a little later?

2016-04-13 Thread Theo de Raadt

>On April 13, 2016 4:28:13 PM GMT+02:00, Theo de Raadt  
>wrote:
>>>Kevin Chadwick wrote:
 Whilst likely not a major issue. I also started to wonder whilst
 reading man rc.shutdown, if a daemon or other process could
>>potentially
 use /dev/urandom between saving the seed and shutdown so
>>could/should
 the random.seed be saved a little later after /etc/rc.shutdown runs?
>>>
>>>
>>>that doesn't matter.
>>
>>indeed, randomization is initialized eons before then.
>>
>>http://www.openbsd.org/papers/hackfest2014-arc4random/index.html
>
>
>What's important to realize is that it's a seed being written to
>disk, not the random subsystem state. As such, the random numbers will
>not repeat themselves after reboot even if randomness was consumed
>after the seed was written.

No, it is even better than that.

On 99.9% of machines, the bootblocks will go through extra effort
to perturb that entropy payload...  (and succeed, because the
hardware provides means available to the bootblocks)

If all things go well, there is no correlation.  If things go badly,
the correlations that exist are still meaningless.  Even in a VM
environment, which is one of the toughest.

In this matter, many other systems are infantile.  Their design
patterns don't allow them to think outside the box.

Little wonder therefore that operating system users have developed
such doubts about these systems.  Everyone else sucks.

Re: Should random.seed on shutdown be saved a little later?

2016-04-13 Thread Alexander Hall

On April 13, 2016 4:28:13 PM GMT+02:00, Theo de Raadt  
wrote:
>>Kevin Chadwick wrote:
>>> Whilst likely not a major issue. I also started to wonder whilst
>>> reading man rc.shutdown, if a daemon or other process could
>potentially
>>> use /dev/urandom between saving the seed and shutdown so
>could/should
>>> the random.seed be saved a little later after /etc/rc.shutdown runs?
>>
>>
>>that doesn't matter.
>
>indeed, randomization is initialized eons before then.
>
>http://www.openbsd.org/papers/hackfest2014-arc4random/index.html

What's important to realize is that it's a seed being written to disk, not the 
random subsystem state. As such, the random numbers will not repeat themselves 
after reboot even if randomness was consumed after the seed was written.

/Alexander

Re: Should random.seed on shutdown be saved a little later?

2016-04-13 Thread Theo de Raadt

>Kevin Chadwick wrote:
>> Whilst likely not a major issue. I also started to wonder whilst
>> reading man rc.shutdown, if a daemon or other process could potentially
>> use /dev/urandom between saving the seed and shutdown so could/should
>> the random.seed be saved a little later after /etc/rc.shutdown runs?
>
>
>that doesn't matter.

indeed, randomization is initialized eons before then.

http://www.openbsd.org/papers/hackfest2014-arc4random/index.html

Re: Should random.seed on shutdown be saved a little later?

2016-04-06 Thread Kevin Chadwick

> > > Whilst likely not a major issue. I also started to wonder whilst
> > > reading man rc.shutdown, if a daemon or other process could potentially
> > > use /dev/urandom between saving the seed and shutdown so could/should
> > > the random.seed be saved a little later after /etc/rc.shutdown runs?
> > 
> > 
> > that doesn't matter.  
> 
> Ok cool no should, but is there any reason not to make it easier for RO
> setups by moving the random.seed to after rc.shutdown runs? Would a
> patch for rc and the man page be welcome?

Index: src/etc/rc
===
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.474
diff -u -p -r1.474 rc
--- src/etc/rc  29 Dec 2015 19:41:24 -  1.474
+++ src/etc/rc  6 Apr 2016 16:09:18 -
@@ -211,13 +211,6 @@ FUNCS_ONLY=1 . /etc/rc.d/rc.subr
 _rc_parse_conf
 
 if [[ $1 == shutdown ]]; then
-   if echo 2>/dev/null >>/var/db/host.random || \
-   echo 2>/dev/null >>/etc/random.seed; then
-   random_seed
-   else
-   echo warning: cannot write random seed to disk
-   fi
-
# If we are in secure level 0, assume single user mode.
if (($(sysctl -n kern.securelevel) == 0)); then
echo 'single user: not running shutdown scripts'
@@ -234,6 +227,13 @@ if [[ $1 == shutdown ]]; then
fi
 
[[ -f /etc/rc.shutdown ]] && sh /etc/rc.shutdown
+   fi
+
+   if echo 2>/dev/null >>/var/db/host.random || \
+   echo 2>/dev/null >>/etc/random.seed; then
+   random_seed
+   else
+   echo warning: cannot write random seed to disk
fi
 
# Bring carp interfaces down gracefully.


Index: src/share/man/man8/rc.shutdown.8
===
RCS file: /cvs/src/share/man/man8/rc.shutdown.8,v
retrieving revision 1.14
diff -u -p -r1.14 rc.shutdown.8
--- src/share/man/man8/rc.shutdown.814 Jul 2014 09:14:11 -
1.14 +++ src/share/man/man8/rc.shutdown.86 Apr 2016 16:06:10 -
@@ -49,9 +49,7 @@ This document details the actions taken 
 .Xr rc 8
 in such an instance.
 .Pp
-Firstly it saves random data for reseeding the kernel random number
-generator during the next boot.
-It then stops any daemons
+Firstly it stops any daemons
 defined in the
 .Va pkg_scripts
 variable in
@@ -65,6 +63,9 @@ then runs
 .Nm .
 The administrator should place in this file
 any commands they wish to have executed during shutdown.
+.Pp
+Next it saves random data for reseeding the kernel random number
+generator during the next boot.
 .Pp
 Finally, all
 .Xr carp 4


-- 

KISSIS - Keep It Simple So It's Securable

Re: Should random.seed on shutdown be saved a little later?

2016-04-06 Thread Kevin Chadwick

> > Whilst likely not a major issue. I also started to wonder whilst
> > reading man rc.shutdown, if a daemon or other process could potentially
> > use /dev/urandom between saving the seed and shutdown so could/should
> > the random.seed be saved a little later after /etc/rc.shutdown runs?  
> 
> 
> that doesn't matter.

Ok cool no should, but is there any reason not to make it easier for RO
setups by moving the random.seed to after rc.shutdown runs? Would a
patch for rc and the man page be welcome?

-- 

KISSIS - Keep It Simple So It's Securable

Re: Should random.seed on shutdown be saved a little later?

2016-04-02 Thread Ted Unangst

Kevin Chadwick wrote:
> Whilst likely not a major issue. I also started to wonder whilst
> reading man rc.shutdown, if a daemon or other process could potentially
> use /dev/urandom between saving the seed and shutdown so could/should
> the random.seed be saved a little later after /etc/rc.shutdown runs?


that doesn't matter.

Should random.seed on shutdown be saved a little later?

2016-04-02 Thread Kevin Chadwick

So I am currently patching /etc/rc to remount ro which I accept is
special territory. I like ro partitions not only for the lack of need to
fsck and faster boot for systems that have had thee power pulled.

It would be a lot nicer to be able to mount -uw / in rc.shutdown.

Whilst likely not a major issue. I also started to wonder whilst
reading man rc.shutdown, if a daemon or other process could potentially
use /dev/urandom between saving the seed and shutdown so could/should
the random.seed be saved a little later after /etc/rc.shutdown runs?


-- 

KISSIS - Keep It Simple So It's Securable

Re: Should random.seed on shutdown be saved a little later?

Re: Should random.seed on shutdown be saved a little later?

Re: Should random.seed on shutdown be saved a little later?

Re: Should random.seed on shutdown be saved a little later?

Re: Should random.seed on shutdown be saved a little later?

Re: Should random.seed on shutdown be saved a little later?

Should random.seed on shutdown be saved a little later?

7 matches

Site Navigation

Mail list logo

Footer information