Re: Should random.seed on shutdown be saved a little later?
>On April 13, 2016 4:28:13 PM GMT+02:00, Theo de Raadt>wrote: >>>Kevin Chadwick wrote: Whilst likely not a major issue. I also started to wonder whilst reading man rc.shutdown, if a daemon or other process could >>potentially use /dev/urandom between saving the seed and shutdown so >>could/should the random.seed be saved a little later after /etc/rc.shutdown runs? >>> >>> >>>that doesn't matter. >> >>indeed, randomization is initialized eons before then. >> >>http://www.openbsd.org/papers/hackfest2014-arc4random/index.html > > >What's important to realize is that it's a seed being written to >disk, not the random subsystem state. As such, the random numbers will >not repeat themselves after reboot even if randomness was consumed >after the seed was written. No, it is even better than that. On 99.9% of machines, the bootblocks will go through extra effort to perturb that entropy payload... (and succeed, because the hardware provides means available to the bootblocks) If all things go well, there is no correlation. If things go badly, the correlations that exist are still meaningless. Even in a VM environment, which is one of the toughest. In this matter, many other systems are infantile. Their design patterns don't allow them to think outside the box. Little wonder therefore that operating system users have developed such doubts about these systems. Everyone else sucks.
Re: Should random.seed on shutdown be saved a little later?
On April 13, 2016 4:28:13 PM GMT+02:00, Theo de Raadtwrote: >>Kevin Chadwick wrote: >>> Whilst likely not a major issue. I also started to wonder whilst >>> reading man rc.shutdown, if a daemon or other process could >potentially >>> use /dev/urandom between saving the seed and shutdown so >could/should >>> the random.seed be saved a little later after /etc/rc.shutdown runs? >> >> >>that doesn't matter. > >indeed, randomization is initialized eons before then. > >http://www.openbsd.org/papers/hackfest2014-arc4random/index.html What's important to realize is that it's a seed being written to disk, not the random subsystem state. As such, the random numbers will not repeat themselves after reboot even if randomness was consumed after the seed was written. /Alexander
Re: Should random.seed on shutdown be saved a little later?
>Kevin Chadwick wrote: >> Whilst likely not a major issue. I also started to wonder whilst >> reading man rc.shutdown, if a daemon or other process could potentially >> use /dev/urandom between saving the seed and shutdown so could/should >> the random.seed be saved a little later after /etc/rc.shutdown runs? > > >that doesn't matter. indeed, randomization is initialized eons before then. http://www.openbsd.org/papers/hackfest2014-arc4random/index.html
Re: Should random.seed on shutdown be saved a little later?
> > > Whilst likely not a major issue. I also started to wonder whilst > > > reading man rc.shutdown, if a daemon or other process could potentially > > > use /dev/urandom between saving the seed and shutdown so could/should > > > the random.seed be saved a little later after /etc/rc.shutdown runs? > > > > > > that doesn't matter. > > Ok cool no should, but is there any reason not to make it easier for RO > setups by moving the random.seed to after rc.shutdown runs? Would a > patch for rc and the man page be welcome? Index: src/etc/rc === RCS file: /cvs/src/etc/rc,v retrieving revision 1.474 diff -u -p -r1.474 rc --- src/etc/rc 29 Dec 2015 19:41:24 - 1.474 +++ src/etc/rc 6 Apr 2016 16:09:18 - @@ -211,13 +211,6 @@ FUNCS_ONLY=1 . /etc/rc.d/rc.subr _rc_parse_conf if [[ $1 == shutdown ]]; then - if echo 2>/dev/null >>/var/db/host.random || \ - echo 2>/dev/null >>/etc/random.seed; then - random_seed - else - echo warning: cannot write random seed to disk - fi - # If we are in secure level 0, assume single user mode. if (($(sysctl -n kern.securelevel) == 0)); then echo 'single user: not running shutdown scripts' @@ -234,6 +227,13 @@ if [[ $1 == shutdown ]]; then fi [[ -f /etc/rc.shutdown ]] && sh /etc/rc.shutdown + fi + + if echo 2>/dev/null >>/var/db/host.random || \ + echo 2>/dev/null >>/etc/random.seed; then + random_seed + else + echo warning: cannot write random seed to disk fi # Bring carp interfaces down gracefully. Index: src/share/man/man8/rc.shutdown.8 === RCS file: /cvs/src/share/man/man8/rc.shutdown.8,v retrieving revision 1.14 diff -u -p -r1.14 rc.shutdown.8 --- src/share/man/man8/rc.shutdown.814 Jul 2014 09:14:11 - 1.14 +++ src/share/man/man8/rc.shutdown.86 Apr 2016 16:06:10 - @@ -49,9 +49,7 @@ This document details the actions taken .Xr rc 8 in such an instance. .Pp -Firstly it saves random data for reseeding the kernel random number -generator during the next boot. -It then stops any daemons +Firstly it stops any daemons defined in the .Va pkg_scripts variable in @@ -65,6 +63,9 @@ then runs .Nm . The administrator should place in this file any commands they wish to have executed during shutdown. +.Pp +Next it saves random data for reseeding the kernel random number +generator during the next boot. .Pp Finally, all .Xr carp 4 -- KISSIS - Keep It Simple So It's Securable
Re: Should random.seed on shutdown be saved a little later?
> > Whilst likely not a major issue. I also started to wonder whilst > > reading man rc.shutdown, if a daemon or other process could potentially > > use /dev/urandom between saving the seed and shutdown so could/should > > the random.seed be saved a little later after /etc/rc.shutdown runs? > > > that doesn't matter. Ok cool no should, but is there any reason not to make it easier for RO setups by moving the random.seed to after rc.shutdown runs? Would a patch for rc and the man page be welcome? -- KISSIS - Keep It Simple So It's Securable
Re: Should random.seed on shutdown be saved a little later?
Kevin Chadwick wrote: > Whilst likely not a major issue. I also started to wonder whilst > reading man rc.shutdown, if a daemon or other process could potentially > use /dev/urandom between saving the seed and shutdown so could/should > the random.seed be saved a little later after /etc/rc.shutdown runs? that doesn't matter.
Should random.seed on shutdown be saved a little later?
So I am currently patching /etc/rc to remount ro which I accept is special territory. I like ro partitions not only for the lack of need to fsck and faster boot for systems that have had thee power pulled. It would be a lot nicer to be able to mount -uw / in rc.shutdown. Whilst likely not a major issue. I also started to wonder whilst reading man rc.shutdown, if a daemon or other process could potentially use /dev/urandom between saving the seed and shutdown so could/should the random.seed be saved a little later after /etc/rc.shutdown runs? -- KISSIS - Keep It Simple So It's Securable