*** This bug is a security vulnerability ***

Background and rationale:  There ought to be a nice systematic way to
refresh the random-seed again and again, while the system is running
normally, not just at boot time or at shutdown time.

Sometimes a system may crash without carrying out an orderly shutdown.
Indeed some systems never carry out an orderly shutdown;  they run until
they die.  Therefore all the reasons why it is important to refresh the
random-seed during shutdown are also good reasons for refreshing it from
time to time during normal operations ... not just at startup.

Desired behavior:  The logical, systematic, traditional, and expected
way to refresh the seed would be either "systemctl start
systemd-random-seed" or equivalently "/etc/init.d/urandom start".  The
command should happily run as many times as desired, and should refresh
the random-seed each time.

Observed behavior:  "systemctl start systemd-random-seed" doesn't have
the desired effect.  Apparently systemd considers the previous instance
of systemd-random-seed.service to be still active, so additional starts
don't do any good.  Furthermore, "/etc/init.d/urandom start" has been
re-implemented in terms of "systemctl start systemd-random-seed", so
that doesn't work either.

This is a significant regression relative to the pre-systemd behavior.

Constructive suggestion.  See attached patch.  Recipe:
 :; systemctl start systemd-random-seed
 -- Observe that /var/lib/systemd/random-seed does not get refreshed.
 :; systemctl stop systemd-random-seed
 -- Apply the patch.
 :; systemctl daemon-reload
 :; systemctl start systemd-random-seed
 :; sleep 60
 :; systemctl start systemd-random-seed
 -- observe that the seed now does get refreshed.

There may be other ways of dealing with the issue, but this seems nice
and simple.

Tangent:  In a non-essential way, this might touch on decisions about
how best to address https://bugs.launchpad.net/bugs/1651947

Digression:  There is a policy question as to how often to refresh the
seed during normal operations.  That is a question for another day.

-------------------
Observed on
:; lsb_release -rd
Description:    Ubuntu 16.04.1 LTS
Release:        16.04

:; apt-cache policy systemd
systemd:
  Installed: 229-4ubuntu13
  Candidate: 229-4ubuntu13
  Version table:
 *** 229-4ubuntu13 500
        500 http://ubuntu.cs.utah.edu/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     229-4ubuntu10 500
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
     229-4ubuntu4 500
        500 http://ubuntu.cs.utah.edu/ubuntu xenial/main amd64 Packages

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

-- 
systematic way to refresh the random-seed again and again
https://bugs.launchpad.net/bugs/1652381