From c3c7749db06a520457bbac810018dafa0729acde Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Thu, 3 Oct 2019 12:20:56 -0700 Subject: fix(urandom): avoid uninitialized read during boot Regenerating the stored seed was an attempt to prevent hard shutdowns from leading to seed reuse. Unfortunately, this practice depletes any entropy that was added by the seed. Furthermore on newer kernels which do not credit entropy added from userspace, the operation is often an uninitialized read of urandom. --- core-services/05-misc.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/core-services/05-misc.sh b/core-services/05-misc.sh index 7b035d6..0f3d28c 100644 --- a/core-services/05-misc.sh +++ b/core-services/05-misc.sh @@ -6,7 +6,6 @@ halt -B # for wtmp if [ -z "$VIRTUALIZATION" ]; then msg "Initializing random seed..." cp /var/lib/random-seed /dev/urandom >/dev/null 2>&1 || true - ( umask 077; bytes=$(cat /proc/sys/kernel/random/poolsize) || bytes=512; dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=$bytes >/dev/null 2>&1 ) fi msg "Setting up loopback interface..." -- cgit 1.4.1