[PATCH 3/4] Explain why we /write/ the seed at boot time. Upgrade comments by removing question and inserting answer. Also document assumptions about persistence of $SAVEDFILE
John Denker
jsd at av8n.com
Sat Sep 11 16:56:08 UTC 2010
---
urandom | 19 +++++++++++++++++--
1 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/urandom b/urandom
index 5172e7f..d662fdb 100755
--- a/urandom
+++ b/urandom
@@ -10,10 +10,19 @@
# It is called from the boot, halt and reboot scripts.
### END INIT INFO
+## Assumption 1: We assume $SAVEDFILE is a file (or a symlink
+## to a file) that resides on a non-volatile medium that persists
+## across reboots.
+## Case 1a: Ideally, it is readable and writeable. Its is unshared,
+## i.e. its contents are unique to this machine. It is protected so
+## that its contents are not known to attackers.
+## Case 1b: Less than ideally, it is read-only. Its contents are
+## unique to this machine and not known to attackers.
+SAVEDFILE=/var/lib/urandom/random-seed
+
[ -c /dev/urandom ] || exit 0
PATH=/sbin:/usr/sbin:/bin:/usr/bin
-SAVEDFILE=/var/lib/urandom/random-seed
if ! POOLBYTES=$((
($(cat /proc/sys/kernel/random/poolsize 2>/dev/null) + 7) / 8
)) ; then
@@ -41,7 +50,13 @@ case "$1" in
cat "$SAVEDFILE" >/dev/urandom
fi
rm -f $SAVEDFILE
- # Hm, why is the saved pool re-created at boot? [pere 2009-09-03]
+ # Write a new seed into $SAVEDFILE because re-using a seed
+ # compromises security. Each time we re-seed, we want the
+ # seed to be as different as possible.
+ # Write it now, in case the machine crashes without doing
+ # an orderly shutdown.
+ # The write will fail if $SAVEDFILE is read-only, but it
+ # doesn't hurt to try.
umask 077
dd if=/dev/urandom of=$SAVEDFILE bs=$POOLBYTES count=1 >/dev/null 2>&1
ES=$?
--
1.7.0.4
--------------070700040602060407090709
Content-Type: text/x-patch;
name="0004-Include-date-and-time-when-seeding-the-RNG.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename*0="0004-Include-date-and-time-when-seeding-the-RNG.patch"
More information about the Pkg-sysvinit-devel
mailing list