From c3c7749db06a520457bbac810018dafa0729acde Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Thu, 3 Oct 2019 12:20:56 -0700
Subject: fix(urandom): avoid uninitialized read during boot

Regenerating the stored seed was an attempt to prevent hard shutdowns
from leading to seed reuse.
Unfortunately, this practice depletes any entropy that was added by
the seed.
Furthermore on newer kernels which do not credit entropy added from
userspace, the operation is often an uninitialized read of urandom.
---
 core-services/05-misc.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/core-services/05-misc.sh b/core-services/05-misc.sh
index 7b035d6..0f3d28c 100644
--- a/core-services/05-misc.sh
+++ b/core-services/05-misc.sh
@@ -6,7 +6,6 @@ halt -B  # for wtmp
 if [ -z "$VIRTUALIZATION" ]; then
     msg "Initializing random seed..."
     cp /var/lib/random-seed /dev/urandom >/dev/null 2>&1 || true
-    ( umask 077; bytes=$(cat /proc/sys/kernel/random/poolsize) || bytes=512; dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=$bytes >/dev/null 2>&1 )
 fi
 
 msg "Setting up loopback interface..."
-- 
cgit 1.4.1