linux security - Nov 1996 - Bug in initscripts-2.77-1.i386.rpm''s boot-up random # handler.

>From /etc/rc.d/init.d/random in 2.77-1 (and earlier?):
...
random_seed=/var/run/random-seed

# See how we were called.
case "$1" in
  start)
        echo "Initializing random number generator..."
        # Carry a random seed from start-up to start-up
        # Load and then save 512 bytes, which is the size of the entropy pool
        if [ -f /etc/random-seed ]; then
                cat $random_seed >/dev/urandom
        fi
...

/etc/random-seed does not exist in RHL 4.0, so nothing ever gets pushed
into /dev/urandom here.

Since /var/run/random_seed does exist (run-time), an obvious trivial
correction here would be:

        if [ -f $random_seed ]; then
                cat $random_seed >/dev/urandom
        fi
>From /usr/src/linux/drivers/char/random.c''s instructions:
 *      echo "Initializing random number generator..."
 *      # Carry a random seed from start-up to start-up
 *      # Load and then save 512 bytes, which is the size of the entropy pool
 *      if [ -f /etc/random-seed ]; then
 *              cat /etc/random-seed >/dev/urandom
 *      fi
 *      dd if=/dev/urandom of=/etc/random-seed count=1

Looks like a partial (and thus incorrect) modification was done to
Ted''s
instructions when putting together the initscripts.  This means that
/dev/urandom is not being re-seeded at boot as expected.  If you depend
on /dev/*random, the impact is obvious.

--Up.

-- 
Jeff Uphoff - Scientific Programming Analyst  |  juphoff@nrao.edu
National Radio Astronomy Observatory          |  juphoff@bofh.org.uk
Charlottesville, VA, USA                      |  jeff.uphoff@linux.org
        PGP key available at: http://www.cv.nrao.edu/~juphoff/


From mail@mail.redhat.com redhat.com  (list@199.183.24.1)