Hi -- Last month there was a very nice discussion of init.d/urandom.
We identified several opportunities for improvement:

 1) The calculation of the filesize when saving random.seed needs to be fixed. It is wrong by a factor of 8.
 2) The code that writes to /proc/sys/kernel/random/poolsize should be removed. It is futile to write to a read-only file.
 3) The initial seeding should also be dependent on the date, as in "date +%s.%N > /dev/random"
 4) There is a question in the code, to which we know the answer.

My understanding of the discussion so far is that there is 100% agreement that making these changes would be advantageous. Implementing these changes is super-easy.

I was wondering what action has been taken. I did some looking in the obvious places and did not see any tickets, let alone any patches submitted. But perhaps I didn't look in the right places.

So the question remains
 -- Has anything been done about this?
 -- Do I need to file bug reports on this myself, or is there somebody else who would like to take care of it?

Patches are attached. Nothing complicated or tricky.

Please let me know if you have any questions or suggestions. Please keep me posted on any further developments.
>From dd1a2a7c4fbe58f60b46e739d5a7c78fc2dde03d Mon Sep 17 00:00:00 2001 From: John Denker <[email protected]> Date: Sat, 11 Sep 2010 09:17:32 -0700 Subject: [PATCH 1/4] Remove code that tried to write to the read-only file /proc/sys/kernel/random/poolsize This code was added in 2004 and has never worked. --- urandom | 7 ------- 1 files changed, 0 insertions(+), 7 deletions(-) diff --git a/urandom b/urandom index 30b572e..1007147 100755 --- a/urandom +++ b/urandom @@ -35,13 +35,6 @@ case "$1" in # which is the size of the entropy pool if [ -f "$SAVEDFILE" ] then - # Handle locally increased pool size - SAVEDSIZE="$(find "$SAVEDFILE" -printf "%s")" - if [ "$SAVEDSIZE" -gt "$POOLSIZE" ] - then - [ -w /proc/sys/kernel/random/poolsize ] && echo $POOLSIZE > /proc/sys/kernel/random/poolsize - POOLSIZE=$SAVEDSIZE - fi cat "$SAVEDFILE" >/dev/urandom fi rm -f $SAVEDFILE -- 1.7.0.4
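Review bot: The deleted block in the start branch also contains POOLSIZE=$SAVEDSIZE, an ordinary shell assignment that did take effect, while the commit message only covers the write to /proc/sys/kernel/random/poolsize. With the assignment gone, a saved seed larger than $POOLSIZE is still loaded in full by cat "$SAVEDFILE" but is then re-saved at the smaller size. Suggest stating in the commit message that dropping this behaviour is intended.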
>From 45e354973831aa3e50d230f98b25853660a42f39 Mon Sep 17 00:00:00 2001 From: John Denker <[email protected]> Date: Sat, 11 Sep 2010 09:22:36 -0700 Subject: [PATCH 2/4] Calculate POOLBYTES correctly. Note that /proc/sys/kernel/random/poolsize reports the number of bits, not bytes, so a conversion factor is needed. --- urandom | 13 ++++++++----- 1 files changed, 8 insertions(+), 5 deletions(-) diff --git a/urandom b/urandom index 1007147..5172e7f 100755 --- a/urandom +++ b/urandom @@ -14,8 +14,11 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin SAVEDFILE=/var/lib/urandom/random-seed -POOLSIZE=512 -[ -f /proc/sys/kernel/random/poolsize ] && POOLSIZE="$(cat /proc/sys/kernel/random/poolsize)" +if ! POOLBYTES=$(( + ($(cat /proc/sys/kernel/random/poolsize 2>/dev/null) + 7) / 8 +)) ; then + POOLBYTES=512 +fi . /lib/init/vars.sh . /lib/lsb/init-functions @@ -31,7 +34,7 @@ do_status () { case "$1" in start|"") [ "$VERBOSE" = no ] || log_action_begin_msg "Initializing random number generator" - # Load and then save $POOLSIZE bytes, + # Load and then save $POOLBYTES bytes, # which is the size of the entropy pool if [ -f "$SAVEDFILE" ] then @@ -40,7 +43,7 @@ case "$1" in rm -f $SAVEDFILE # Hm, why is the saved pool re-created at boot? [pere 2009-09-03] umask 077 - dd if=/dev/urandom of=$SAVEDFILE bs=$POOLSIZE count=1 >/dev/null 2>&1 + dd if=/dev/urandom of=$SAVEDFILE bs=$POOLBYTES count=1 >/dev/null 2>&1 ES=$? umask 022 [ "$VERBOSE" = no ] || log_action_end_msg $ES @@ -50,7 +53,7 @@ case "$1" in # see documentation in linux/drivers/char/random.c [ "$VERBOSE" = no ] || log_action_begin_msg "Saving random seed" umask 077 - dd if=/dev/urandom of=$SAVEDFILE bs=$POOLSIZE count=1 >/dev/null 2>&1 + dd if=/dev/urandom of=$SAVEDFILE bs=$POOLBYTES count=1 >/dev/null 2>&1 ES=$? [ "$VERBOSE" = no ] || log_action_end_msg $ES ;; -- 1.7.0.4
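Review bot: In the first hunk, the POOLBYTES=512 fallback is reached only through the exit status of the cat nested inside $(( )). If the read succeeds but yields an empty string, the expression becomes ( + 7) / 8, which evaluates to 0, and both dd calls then run with bs=0. Suggest reading the value into a variable first, checking that it is a positive integer, and only then dividing, with 512 used otherwise.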
>From ec44d96208d32ec87bc225e9755199ebab8d9102 Mon Sep 17 00:00:00 2001 From: John Denker <[email protected]> Date: Sat, 11 Sep 2010 09:56:08 -0700 Subject: [PATCH 3/4] Explain why we /write/ the seed at boot time. Upgrade comments by removing question and inserting answer. Also document assumptions about persistence of $SAVEDFILE --- urandom | 19 +++++++++++++++++-- 1 files changed, 17 insertions(+), 2 deletions(-) diff --git a/urandom b/urandom index 5172e7f..d662fdb 100755 --- a/urandom +++ b/urandom @@ -10,10 +10,19 @@ # It is called from the boot, halt and reboot scripts. ### END INIT INFO +## Assumption 1: We assume $SAVEDFILE is a file (or a symlink +## to a file) that resides on a non-volatile medium that persists +## across reboots. +## Case 1a: Ideally, it is readable and writeable. Its is unshared, +## i.e. its contents are unique to this machine. It is protected so +## that its contents are not known to attackers. +## Case 1b: Less than ideally, it is read-only. Its contents are +## unique to this machine and not known to attackers. +SAVEDFILE=/var/lib/urandom/random-seed + [ -c /dev/urandom ] || exit 0 PATH=/sbin:/usr/sbin:/bin:/usr/bin -SAVEDFILE=/var/lib/urandom/random-seed if ! POOLBYTES=$(( ($(cat /proc/sys/kernel/random/poolsize 2>/dev/null) + 7) / 8 )) ; then @@ -41,7 +50,13 @@ case "$1" in cat "$SAVEDFILE" >/dev/urandom fi rm -f $SAVEDFILE - # Hm, why is the saved pool re-created at boot? [pere 2009-09-03] + # Write a new seed into $SAVEDFILE because re-using a seed + # compromises security. Each time we re-seed, we want the + # seed to be as different as possible. + # Write it now, in case the machine crashes without doing + # an orderly shutdown. + # The write will fail if $SAVEDFILE is read-only, but it + # doesn't hurt to try. umask 077 dd if=/dev/urandom of=$SAVEDFILE bs=$POOLBYTES count=1 >/dev/null 2>&1 ES=$? -- 1.7.0.4
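Review bot: In the first hunk, the Case 1a comment reads "Its is unshared"; this should be "It is unshared".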
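Review bot: In the second hunk, the new comment says the write to a read-only $SAVEDFILE "doesn't hurt to try", but the ES=$? that follows dd captures that failure, and patch 2 shows ES being passed to log_action_end_msg. In Case 1b the start action would therefore report a failure on every boot. Suggest either saying so in the comment or not treating the failed write as an error when the existing seed was loaded.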
>From c3241bc33424524953f2e9ef1d541904029b51e8 Mon Sep 17 00:00:00 2001 From: John Denker <[email protected]> Date: Sat, 11 Sep 2010 10:04:48 -0700 Subject: [PATCH 4/4] Include date and time when seeding the RNG. --- urandom | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/urandom b/urandom index d662fdb..25709ac 100755 --- a/urandom +++ b/urandom @@ -43,6 +43,15 @@ do_status () { case "$1" in start|"") [ "$VERBOSE" = no ] || log_action_begin_msg "Initializing random number generator" + # Seed the RNG with date and time. + # This is helpful in the less-than-ideal case where $SAVEDFILE + # is read-only. + # The value of this is greatly reduced if $SAVEDFILE is missing, + # or its contents are shared machine-to-machine or known to + # attackers (since they might well know at what time this + # machine booted up). + date +%s.%N > /dev/urandom + # Load and then save $POOLBYTES bytes, # which is the size of the entropy pool if [ -f "$SAVEDFILE" ] -- 1.7.0.4
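Review bot: The added date +%s.%N line depends on %N, which is a GNU date extension; where date does not support it, the nanosecond field is not produced and only the one-second timestamp reaches the pool. Suggest noting that dependency in the comment above the line. The commit message also has no body, unlike the other three patches; one sentence on why the write is placed before the seed file is loaded would help.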
_______________________________________________ Pkg-sysvinit-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-sysvinit-devel
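Point 1 of the message above, as an added example that is not part of the original post or the attached patches: converting the bit count reported in /proc/sys/kernel/random/poolsize to a byte count for dd, with the fallback applied whenever the value is missing, empty or non-numeric. The names pool_bytes and DEFAULT_POOLBYTES are assumptions; 512 is the fallback value used in patch 2.

```shell
#!/bin/sh
# Added example (not from the patches). pool_bytes and DEFAULT_POOLBYTES
# are hypothetical names; 512 is the fallback byte count used in patch 2.
DEFAULT_POOLBYTES=512

# pool_bytes FILE
#   FILE holds the pool size in bits (normally
#   /proc/sys/kernel/random/poolsize). Prints the size in bytes,
#   rounded up, or DEFAULT_POOLBYTES if FILE gives no usable number.
pool_bytes() {
    bits=
    if [ -f "$1" ] && [ -r "$1" ]; then
        # read returns non-zero on an empty file or a missing final
        # newline; in both cases carry on with whatever was read
        read -r bits < "$1" || true
    fi
    case "$bits" in
        ''|*[!0-9]*)
            # missing, empty or non-numeric: never let this become bs=0
            echo "$DEFAULT_POOLBYTES"
            return 0
            ;;
    esac
    if [ "$bits" -le 0 ]; then
        echo "$DEFAULT_POOLBYTES"
        return 0
    fi
    # bits -> bytes, rounding up, as patch 2 does with (bits + 7) / 8
    echo $(( ($bits + 7) / 8 ))
}

# How the init script would use it
POOLBYTES=$(pool_bytes /proc/sys/kernel/random/poolsize)
echo "seed size: $POOLBYTES bytes"
```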

