[PATCH 3/4] Explain why we /write/ the seed at boot time. Upgrade comments by removing question and inserting answer. Also document assumptions about persistence of $SAVEDFILE

John Denker jsd at av8n.com
Sat Sep 11 16:56:08 UTC 2010 

---
 urandom |   19 +++++++++++++++++--
 1 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/urandom b/urandom
index 5172e7f..d662fdb 100755
--- a/urandom
+++ b/urandom
@@ -10,10 +10,19 @@
 #                    It is called from the boot, halt and reboot scripts.
 ### END INIT INFO
 
+## Assumption 1:  We assume $SAVEDFILE is a file (or a symlink
+## to a file) that resides on a non-volatile medium that persists
+## across reboots.
+## Case 1a: Ideally, it is readable and writeable.  Its is unshared,
+## i.e. its contents are unique to this machine.  It is protected so
+## that its contents are not known to attackers.
+## Case 1b: Less than ideally, it is read-only.  Its contents are
+## unique to this machine and not known to attackers.
+SAVEDFILE=/var/lib/urandom/random-seed
+
 [ -c /dev/urandom ] || exit 0
 
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
-SAVEDFILE=/var/lib/urandom/random-seed
 if ! POOLBYTES=$((
   ($(cat /proc/sys/kernel/random/poolsize 2>/dev/null) + 7) / 8
 )) ; then
@@ -41,7 +50,13 @@ case "$1" in
 		cat "$SAVEDFILE" >/dev/urandom
 	fi
 	rm -f $SAVEDFILE
-	# Hm, why is the saved pool re-created at boot? [pere 2009-09-03]
+	# Write a new seed into $SAVEDFILE because re-using a seed
+	# compromises security.	 Each time we re-seed, we want the
+	# seed to be as different as possible.
+	# Write it now, in case the machine crashes without doing
+	# an orderly shutdown.
+	# The write will fail if $SAVEDFILE is read-only, but it
+	# doesn't hurt to try.
 	umask 077
 	dd if=/dev/urandom of=$SAVEDFILE bs=$POOLBYTES count=1 >/dev/null 2>&1
 	ES=$?
-- 
1.7.0.4


--------------070700040602060407090709
Content-Type: text/x-patch;
 name="0004-Include-date-and-time-when-seeding-the-RNG.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="0004-Include-date-and-time-when-seeding-the-RNG.patch"

More information about the Pkg-sysvinit-devel mailing list