[Pkg-sysvinit-devel] Bug#503768: Bug#503768: /etc/init.d/urandom: Should treat POOLSIZE=0 as flag to not save/restore entropy
Henrique de Moraes Holschuh
hmh at debian.org
Tue Nov 4 21:47:01 UTC 2008
On Tue, 04 Nov 2008, Josh Triplett wrote:
> > > urandom should have some kind of flag to disable the saving and
> > > restoring of entropy. How about using POOLSIZE=0 as that flag?
> >
> > Maybe you should give us a *strong* use case for doing that, first?
>
> Making Debian work with a read-only root filesystem without manual hacks
> to the init scripts. With this and a few other fixes (such as the one
> that prompted bug 503805), I managed to create a bootable Debian USB key
> which didn't try to write to itself.
Well, no urandom init is *safer* than initing it from a constant file,
that's for sure... In fact, we should be erasing the urandom seed file as
soon as we use it to init urandom, so symlink tricks are out of the question
(also for security reasons).

Whether this means we should go for POOLSIZE=0, I don't really know.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
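
The seed handling discussed in this thread, as an added sketch that is not part of the message or of the sysvinit urandom script: the seed is erased as soon as it has been used, a symlinked seed is refused, and POOLSIZE=0 disables both save and restore. The function names, arguments and return codes are hypothetical.

```shell
#!/bin/sh
# Added illustration; not the Debian /etc/init.d/urandom script.

# load_seed SEEDFILE POOLDEV POOLSIZE
#   0 = seed mixed into POOLDEV and seed file erased
#   1 = skipped (POOLSIZE=0 or invalid, seed missing, or seed not a regular file)
#   2 = seed was used but could not be erased (e.g. read-only root)
load_seed() {
    seed=$1; pool=$2; poolsize=$3
    # Proposed flag from the bug report: POOLSIZE=0 means no save/restore.
    [ "$poolsize" -gt 0 ] 2>/dev/null || return 1
    # Only a regular file is accepted; a symlink to a constant file is refused.
    [ -f "$seed" ] && [ ! -L "$seed" ] || return 1
    # Writing to the pool device mixes the bytes in without crediting entropy.
    cat "$seed" > "$pool" || return 1
    # Erase the seed right after use so the same bytes are never replayed
    # on the next boot if shutdown does not get to write a fresh one.
    rm -f "$seed" || return 2
    return 0
}

# save_seed SEEDFILE SOURCE POOLSIZE
#   0 = fresh seed of POOLSIZE bytes written; 1 = skipped; 2 = write failed
save_seed() {
    seed=$1; src=$2; poolsize=$3
    [ "$poolsize" -gt 0 ] 2>/dev/null || return 1
    # Write with a private umask to a temporary name, then rename into place.
    ( umask 077
      dd if="$src" of="$seed.new" bs="$poolsize" count=1 2>/dev/null ) || return 2
    mv -f "$seed.new" "$seed" || return 2
    return 0
}
```

On a read-only root, `load_seed` returning 2 is the case the thread warns about: the seed has become a constant file, which is when POOLSIZE=0 is the safer setting.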