diff options
| author | Cameron Nemo <cnemo@tutanota.com> | 2019-10-03 12:20:56 -0700 |
|---|---|---|
| committer | Cameron Nemo <cnorman@cenic.org> | 2019-10-03 12:20:56 -0700 |
| commit | c3c7749db06a520457bbac810018dafa0729acde (patch) | |
| tree | 0f7d6b4c9ca4e7bee7a0c08c3dddc63f79c89c41 | |
| parent | abd5e95bc3ec7cc4ef2c2bd7c7b04efefc0ec566 (diff) | |
| download | runit-void-c3c7749db06a520457bbac810018dafa0729acde.tar.gz runit-void-c3c7749db06a520457bbac810018dafa0729acde.tar.xz runit-void-c3c7749db06a520457bbac810018dafa0729acde.zip | |
fix(urandom): avoid uninitialized read during boot
Regenerating the stored seed was an attempt to prevent hard shutdowns from leading to seed reuse. Unfortunately, this practice depletes any entropy that was added by the seed. Furthermore on newer kernels which do not credit entropy added from userspace, the operation is often an uninitialized read of urandom.
| -rw-r--r-- | core-services/05-misc.sh | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/core-services/05-misc.sh b/core-services/05-misc.sh index 7b035d6..0f3d28c 100644 --- a/core-services/05-misc.sh +++ b/core-services/05-misc.sh @@ -6,7 +6,6 @@ halt -B # for wtmp if [ -z "$VIRTUALIZATION" ]; then msg "Initializing random seed..." cp /var/lib/random-seed /dev/urandom >/dev/null 2>&1 || true - ( umask 077; bytes=$(cat /proc/sys/kernel/random/poolsize) || bytes=512; dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=$bytes >/dev/null 2>&1 ) fi msg "Setting up loopback interface..." |