about summary refs log tree commit diff
path: root/core-services
diff options
context:
space:
mode:
authorCameron Nemo <cnemo@tutanota.com>2019-10-03 12:20:56 -0700
committerCameron Nemo <cnorman@cenic.org>2019-10-03 12:20:56 -0700
commitc3c7749db06a520457bbac810018dafa0729acde (patch)
tree0f7d6b4c9ca4e7bee7a0c08c3dddc63f79c89c41 /core-services
parentabd5e95bc3ec7cc4ef2c2bd7c7b04efefc0ec566 (diff)
downloadrunit-void-c3c7749db06a520457bbac810018dafa0729acde.tar.gz
runit-void-c3c7749db06a520457bbac810018dafa0729acde.tar.xz
runit-void-c3c7749db06a520457bbac810018dafa0729acde.zip
fix(urandom): avoid uninitialized read during boot
Regenerating the stored seed was an attempt to prevent hard shutdowns
from leading to seed reuse.
Unfortunately, this practice depletes any entropy that was added by
the seed.
Furthermore on newer kernels which do not credit entropy added from
userspace, the operation is often an uninitialized read of urandom.
Diffstat (limited to 'core-services')
-rw-r--r--core-services/05-misc.sh1
1 files changed, 0 insertions, 1 deletions
diff --git a/core-services/05-misc.sh b/core-services/05-misc.sh
index 7b035d6..0f3d28c 100644
--- a/core-services/05-misc.sh
+++ b/core-services/05-misc.sh
@@ -6,7 +6,6 @@ halt -B  # for wtmp
 if [ -z "$VIRTUALIZATION" ]; then
     msg "Initializing random seed..."
     cp /var/lib/random-seed /dev/urandom >/dev/null 2>&1 || true
-    ( umask 077; bytes=$(cat /proc/sys/kernel/random/poolsize) || bytes=512; dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=$bytes >/dev/null 2>&1 )
 fi
 
 msg "Setting up loopback interface..."