[Pkg-sysvinit-devel] Bug#587665: Bug#587665: wrong PATH in urandom, find is in /usr/bin
Henrique de Moraes Holschuh
hmh at debian.org
Wed Jun 30 18:42:09 UTC 2010
On Wed, 30 Jun 2010, Michael Biebl wrote:
> the latest upload of the initscripts package broke the urandom sysv init
> script.
> It uses find in line 39, which lives in /usr/bin.

Using anything on /usr is a bad idea on that script.

urandom is not something that should start late, it reseeds the main random
pool. This pool is extremely critical for the security of any early key
generation (e.g. encrypted swap with ephemeral key), session IV generation
(pretty much everything that has any crypto in it), etc.

In fact, it should run as soon as /dev/urandom and /etc are available. If
the random seed is moved somewhere else by the local admin, it is up to him
to deal with the problem should that seedfile not be available at early
boot.

IMO, the script needs to be changed to depend on "ls" only. Drop the use of
"find". And have it depend only on udev.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
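
An added illustration of the dependency problem discussed in this message, not code from the initscripts package or from the author: a shell check that lists which commands a boot script needs but cannot reach when PATH covers only root-filesystem directories. The function names, the sample tree and the PATH value are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the initscripts package).
# Lists the commands a boot script needs that are NOT reachable through a
# PATH restricted to the root filesystem.

# cmds_outside_path PATHLIST CMD...
# Prints every CMD that has no executable file in any directory of PATHLIST.
cmds_outside_path() {
    pathlist=$1
    shift
    for cmd in "$@"; do
        found=no
        old_ifs=$IFS
        IFS=:
        for dir in $pathlist; do
            if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
                found=yes
                break
            fi
        done
        IFS=$old_ifs
        [ "$found" = yes ] || printf '%s\n' "$cmd"
    done
}

# Constructed sample tree: ls and cat on the root filesystem, find only
# under usr/bin, mirroring the layout described in the bug report.
demo_constructed_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sbin" "$root/bin" "$root/usr/bin"
    for f in bin/ls bin/cat usr/bin/find; do
        printf '#!/bin/sh\n' > "$root/$f"
        chmod +x "$root/$f"
    done
    # Assumed early-boot PATH: root-filesystem directories only.
    cmds_outside_path "$root/sbin:$root/bin" ls cat find
    rm -rf "$root"
}

demo_constructed_tree   # prints: find
```

On a real system the same function can be called with the PATH the init script sets and the list of external commands it invokes, before /usr is mounted or from a chroot without /usr.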