Thanks for your careful review Robie! As far as security is concerned, upstream comments on this in edc1c90cb972fdca1f66be5a8e2b0706bd2a4949: """ Note that we do not use random numbers for security sensitive things like keys or so. It's used for random based UUIDs etc. """
I looked at the util-linux source and it is used in: * dos.c: create a random disk ID * ipcmk.c: create shared memory segments with a random key * gen_uuid.c: generate UUIDs * mcookie.c: to generate 128bit random numbers for xauth but the man-page warns that the randomness of this may come from the libc pseudo-random functions -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1783810 Title: [SRU] blocks boot on core18 Status in util-linux package in Ubuntu: Fix Released Status in util-linux source package in Bionic: Fix Committed Bug description: The current version of libuuid is using getrandom() without the GRND_NONBLOCK flag. This means that in early boot the boot is blocked until the crng is initialized to "level=1" which on virtual machines may take some time. Upstream fixed this in https://github.com/karelzak/util- linux/commit/a9cf659e0508c1f56813a7d74c64f67bbc962538 and we should just backport the fix. [Impact] * Makes systems that use libuuid in early boot hang [Test Case] * boot a fresh core18 system with kernel 4.15 [Regression Potential] * little, change is very targeted This is uploaded to the bionic-proposed queue now. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1783810/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
