On Mon, May 19, 2008 at 11:05:21AM -0700, Ross Boylan wrote:
> Attached. It looks as if it's trying to access ~/.rnd, though there may
> be others before that.

> 14507 open("~/.rnd", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 ENOENT (No such file or directory)
> 14507 write(2, "unable to write \'random state\'\n", 31) = 31

I can just guess that openssl does not grok the ~ notation. Can you
try hacking and replace
RANDFILE = ~/.rnd
with
RANDFILE = $HOME/.rnd
and see if the error persists.

If that's really the cause, this has been there for years without
anybody noticing.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

On Fri, 2008-05-23 at 18:26 +0200, Marc Haber wrote:
> On Mon, May 19, 2008 at 11:05:21AM -0700, Ross Boylan wrote:
> > Attached. It looks as if it's trying to access ~/.rnd, though there may
> > be others before that.
>
> > 14507 open("~/.rnd", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 ENOENT (No such file or directory)
> > 14507 write(2, "unable to write \'random state\'\n", 31) = 31
>
> I can just guess that openssl does not grok the ~ notation. Can you
> try hacking and replace
> RANDFILE = ~/.rnd
> with
> RANDFILE = $HOME/.rnd
> and see if the error persists.

Good guess! That solves the problem. The error message does not appear
on the terminal, and the strace shows /root/.rnd being accessed without
problem.

I'm a little surprised it ran at all; maybe it falls back to some
standard system source of entropy? Is the old configuration a security
risk?

Maybe it only happens in some environments. I logged in as myself, and
then sux'd to root before running the script.

>
> If that's really the cause, this has been there for years without
> anybody noticing.
>
> Greetings
> Marc
>

On Fri, May 23, 2008 at 11:39:22AM -0700, Ross Boylan wrote:
> On Fri, 2008-05-23 at 18:26 +0200, Marc Haber wrote:
> > On Mon, May 19, 2008 at 11:05:21AM -0700, Ross Boylan wrote:
> > > Attached. It looks as if it's trying to access ~/.rnd, though there may
> > > be others before that.
> >
> > > 14507 open("~/.rnd", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 ENOENT (No such file or directory)
> > > 14507 write(2, "unable to write \'random state\'\n", 31) = 31
> >
> > I can just guess that openssl does not grok the ~ notation. Can you
> > try hacking and replace
> > RANDFILE = ~/.rnd
> > with
> > RANDFILE = $HOME/.rnd
> > and see if the error persists.
> Good guess! That solves the problem. The error message does not appear
> on the terminal, and the strace shows /root/.rnd being accessed without
> problem.
>
> I'm a little surprised it ran at all; maybe it falls back to some
> standard system source of entropy? Is the old configuration a security
> risk?

To my understanding, it's only an entropy cache which is used to
provide a better seed to the rnd. I have committed the fix to svn.

> Maybe it only happens in some environments. I logged in as myself, and
> then sux'd to root before running the script.

And I used sudo -H.

Greetings
Marc
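
The ENOENT in the strace above, reproduced as an added example (not part of the thread or of the script under discussion): tilde expansion is a shell feature, so a literal "~/.rnd" passed to open(2) is looked up relative to the current directory. The helper names and the sample config are constructed for illustration.

```python
import errno
import os
import re
import tempfile

# "RANDFILE = value" lines in an OpenSSL-style config; comment lines do not match.
RANDFILE_RE = re.compile(r"^\s*RANDFILE\s*=\s*(?P<value>[^#\n]*?)\s*(?:#.*)?$")


def find_literal_tilde(config_text):
    """Return (line_number, value) for each RANDFILE value starting with '~'."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = RANDFILE_RE.match(line)
        if match and match.group("value").startswith("~"):
            hits.append((number, match.group("value")))
    return hits


def try_create(path, cwd):
    """Open path with the flags seen in the strace, starting from cwd.

    Returns "OK" on success, otherwise the errno name (e.g. "ENOENT").
    """
    previous = os.getcwd()
    os.chdir(cwd)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o666)
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        os.chdir(previous)
    os.close(fd)
    return "OK"


def demo():
    # Constructed sample config, not the file from the thread.
    config = "[ req ]\nRANDFILE = ~/.rnd\ndefault_bits = 2048\n"
    with tempfile.TemporaryDirectory() as home:
        # No directory named "~" exists here, so the literal path fails.
        literal = try_create("~/.rnd", cwd=home)
        # The same file addressed by its real directory is created fine.
        expanded = try_create(os.path.join(home, ".rnd"), cwd=home)
    return find_literal_tilde(config), literal, expanded


if __name__ == "__main__":
    print(demo())
```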