[1307] in linux-security and linux-alert archive


[linux-security] Bug in initscripts-2.77-1.i386.rpm's boot-up random # handler.

daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Wed Nov 20 14:42:31 1996

Old-X-Envelope-From: juphoff@tarsier.cv.nrao.edu  Wed Nov 20 14:20:16 1996
Date: Wed, 20 Nov 1996 14:20:15 -0500
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

From /etc/rc.d/init.d/random in 2.77-1 (and earlier?):

...
random_seed=/var/run/random-seed

# See how we were called.
case "$1" in
  start)
        echo "Initializing random number generator..."
        # Carry a random seed from start-up to start-up
        # Load and then save 512 bytes, which is the size of the entropy pool
        if [ -f /etc/random-seed ]; then
                cat $random_seed >/dev/urandom
        fi
...

/etc/random-seed does not exist in RHL 4.0, so nothing ever gets pushed
into /dev/urandom here.

Since /var/run/random_seed does exist (run-time), an obvious trivial
correction here would be:

        if [ -f $random_seed ]; then
                cat $random_seed >/dev/urandom
        fi

From /usr/src/linux/drivers/char/random.c's instructions:

 *      echo "Initializing random number generator..."
 *      # Carry a random seed from start-up to start-up
 *      # Load and then save 512 bytes, which is the size of the entropy pool
 *      if [ -f /etc/random-seed ]; then
 *              cat /etc/random-seed >/dev/urandom
 *      fi
 *      dd if=/dev/urandom of=/etc/random-seed count=1

Looks like a partial (and thus incorrect) modification was done to Ted's
instructions when putting together the initscripts.  This means that
/dev/urandom is not being re-seeded at boot as expected.  If you depend
on /dev/*random, the impact is obvious.

--Up.

-- 
Jeff Uphoff - Scientific Programming Analyst  |  juphoff@nrao.edu
National Radio Astronomy Observatory          |  juphoff@bofh.org.uk
Charlottesville, VA, USA                      |  jeff.uphoff@linux.org
        PGP key available at: http://www.cv.nrao.edu/~juphoff/
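
Added example, not part of the original message or of initscripts: a small POSIX sh and awk lint for the mismatch reported above, where the `-f` test names one file and the `cat` into /dev/urandom reads another. The function names `check_seed_guard` and `write_samples` and the sample file names are assumptions; the sample script is constructed from the excerpt quoted in the message.

```shell
#!/bin/sh
# Added example: flag an "if [ -f A ]" guard whose body cats a different
# file B into /dev/random or /dev/urandom. Resolves simple NAME=value vars.
check_seed_guard() {   # $1 = script to scan; returns 1 if a mismatch is found
    awk '
    function resolve(tok,   name) {
        gsub(/["{}]/, "", tok)                 # drop quotes and ${...} braces
        if (substr(tok, 1, 1) != "$") return tok
        name = substr(tok, 2)
        return (name in vars) ? vars[name] : tok
    }
    BEGIN { bad = 0; guard = "" }
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {         # remember NAME=value
        line = $0; sub(/^[ \t]*/, "", line); gsub(/"/, "", line)
        eq = index(line, "=")
        vars[substr(line, 1, eq - 1)] = substr(line, eq + 1)
        next
    }
    /\[ -f / {                                 # guard line: record tested path
        for (i = 1; i < NF; i++) if ($i == "-f") guard = resolve($(i + 1))
        next
    }
    guard != "" && /cat .*>[ \t]*\/dev\/u?random/ {
        for (i = 1; i < NF; i++) if ($i == "cat") src = resolve($(i + 1))
        if (src != guard) {
            printf "line %d: guard tests %s but body reads %s\n", NR, guard, src
            bad = 1
        }
    }
    /^[ \t]*fi/ { guard = "" }                 # guard ends with its "fi"
    END { exit bad }
    ' "$1"
}

# Constructed inputs: the excerpt from the message, as shipped and as corrected.
write_samples() {      # $1 = directory to write shipped.sh and fixed.sh into
    cat >"$1/shipped.sh" <<'EOF'
random_seed=/var/run/random-seed
if [ -f /etc/random-seed ]; then
        cat $random_seed >/dev/urandom
fi
EOF
    sed 's|-f /etc/random-seed|-f $random_seed|' "$1/shipped.sh" >"$1/fixed.sh"
}
```

`check_seed_guard` only reads the script it is given; it never writes to /dev/urandom itself.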

