[1307] in linux-security and linux-alert archive
[linux-security] Bug in initscripts-2.77-1.i386.rpm's boot-up random # handler.
daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Wed Nov 20 14:42:31 1996
Old-X-Envelope-From: juphoff@tarsier.cv.nrao.edu Wed Nov 20 14:20:16 1996
Date: Wed, 20 Nov 1996 14:20:15 -0500
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
From /etc/rc.d/init.d/random in 2.77-1 (and earlier?):
...
random_seed=/var/run/random-seed
# See how we were called.
case "$1" in
  start)
        echo "Initializing random number generator..."
        # Carry a random seed from start-up to start-up
        # Load and then save 512 bytes, which is the size of the entropy pool
        if [ -f /etc/random-seed ]; then
                cat $random_seed >/dev/urandom
        fi
...
/etc/random-seed does not exist in RHL 4.0, so nothing ever gets pushed
into /dev/urandom here.
Since /var/run/random-seed does exist (run-time), an obvious trivial
correction here would be:
        if [ -f $random_seed ]; then
                cat $random_seed >/dev/urandom
        fi
From /usr/src/linux/drivers/char/random.c's instructions:
 *      echo "Initializing random number generator..."
 *      # Carry a random seed from start-up to start-up
 *      # Load and then save 512 bytes, which is the size of the entropy pool
 *      if [ -f /etc/random-seed ]; then
 *              cat /etc/random-seed >/dev/urandom
 *      fi
 *      dd if=/dev/urandom of=/etc/random-seed count=1
Looks like a partial (and thus incorrect) modification was done to Ted's
instructions when putting together the initscripts. This means that
/dev/urandom is not being re-seeded at boot as expected. If you depend
on /dev/*random, the impact is obvious.
--Up.
--
Jeff Uphoff - Scientific Programming Analyst | juphoff@nrao.edu
National Radio Astronomy Observatory | juphoff@bofh.org.uk
Charlottesville, VA, USA | jeff.uphoff@linux.org
PGP key available at: http://www.cv.nrao.edu/~juphoff/
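The mismatch Jeff describes (the script tests one path, /etc/random-seed, but reads another, $random_seed) can be reproduced without touching the real device. The script below is an added example, not part of the original mail or of Red Hat's initscripts: it recreates both seed paths under a scratch directory, uses a plain file as a stand-in for /dev/urandom, and runs the faulty condition beside the corrected one, counting how many seed bytes each actually delivers. All paths under the scratch directory and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the mail or from initscripts-2.77-1): reproduces the
# seed-loading failure mode and the corrected check in a scratch directory.

scratch=$(mktemp -d)
random_seed="$scratch/var/run/random-seed"   # what the script's variable points at
legacy_seed="$scratch/etc/random-seed"       # what the script's test looks for
urandom="$scratch/dev/urandom"               # stand-in sink for the real device
mkdir -p "$scratch/var/run" "$scratch/etc" "$scratch/dev"
: > "$urandom"

# Emulate the "stop" half of the recommended sequence: save 512 bytes of seed
# into the run-time location. /etc/random-seed is deliberately never created,
# matching what the mail reports for RHL 4.0.
save_seed() {
    dd if=/dev/urandom of="$random_seed" bs=512 count=1 2>/dev/null
}

# Faulty start-up logic as shipped: tests the legacy path, reads the variable.
seed_buggy() {
    if [ -f "$legacy_seed" ]; then
        cat "$random_seed" >> "$urandom"
    fi
}

# Corrected start-up logic: test and read the same path.
seed_fixed() {
    if [ -f "$random_seed" ]; then
        cat "$random_seed" >> "$urandom"
    fi
}

# Number of seed bytes that reached the stand-in device so far.
bytes_written() {
    wc -c < "$urandom" | tr -d ' '
}

save_seed
seed_buggy
after_buggy=$(bytes_written)   # 0: the saved seed never reaches the pool
seed_fixed
after_fixed=$(bytes_written)   # 512: the full seed is loaded

echo "buggy check delivered $after_buggy bytes, fixed check delivered $after_fixed bytes"
```

Run it as a normal user; it writes only under the mktemp directory. The same pattern (one variable for the seed file, used in both the test and the read) is what the "obvious trivial correction" in the mail amounts to, and it is the reason the check should reference $random_seed rather than a literal path.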