/dev/random nitpicking

From: Sandy Harris (sandy@storm.ca)
Date: Fri Jun 02 2000 - 12:05:38 EST


The source has:

/*
 * random.c -- A strong random number generator
 *
 * Version 1.89, last modified 19-Sep-99
[snip]
 * Ensuring unpredictability at system startup
 * ============================================
 *
 * ... put the
 * following lines an appropriate script which is run during the boot
 * sequence:
 *
 * echo "Initializing random number generator..."
 * random_seed=/var/run/random-seed
 * # Carry a random seed from start-up to start-up
 * # Load and then save 512 bytes, which is the size of the entropy pool
 * if [ -f $random_seed ]; then
 * cat $random_seed >/dev/urandom
 * fi
 * dd if=/dev/urandom of=$random_seed count=1
 * chmod 600 $random_seed
 *
 * and the following lines in an appropriate script which is run as
 * the system is shutdown:
 *
 * # Carry a random seed from shut-down to start-up
 * # Save 512 bytes, which is the size of the entropy pool
 * echo "Saving random seed..."
 * random_seed=/var/run/random-seed
 * dd if=/dev/urandom of=$random_seed count=1
 * chmod 600 $random_seed

Why create the file with dd and then chmod it? If instead we set umask
before the dd, the file never has insecure permissions.

Could a non-root user actually exploit this to get the seed? Methinks
it is impossible at boot time. He cannot run anything soon enough to
exploit this unless he can put a trojan in some process which the boot
scripts run. If he can do that, he doesn't need this attack.

At shutdown, I'm less certain. Are all user processes (even nasty ones
written to disobey rules and trap all signals they can) definitely dead
by the time this runs? If not, the attacker just needs one that loops
doing fopen("/var/run/random-seed", "r") until it succeeds.
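The umask-before-dd idea raised in this message, as an added example that is not part of the original post or of random.c. The function names and the temp-file naming are hypothetical, and the 022 umask stands in for an assumed boot-script default. It goes one step past the message by writing to a new file and renaming it, because `umask` only applies when a file is created and `dd` reuses the mode of a seed file that already exists.

```shell
#!/bin/sh
# Added example. Seed paths are passed as arguments so the functions can be
# tried in a scratch directory instead of /var/run.

# Print the ls-style mode string of a file, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# The pattern from the random.c comment: dd creates the file, chmod follows.
# Prints the mode the file has between the two steps (the exposure window).
# Assumption: the script runs with umask 022.
window_mode_chmod_after() {
    (
        umask 022
        dd if=/dev/urandom of="$1" bs=512 count=1 2>/dev/null || exit 1
        mode_of "$1"            # what another process sees at this instant
        chmod 600 "$1"
    )
}

# umask first, so the file is 0600 from the moment it is created.
# umask has no effect on a file that already exists (dd truncates it and
# keeps its old mode), so write a fresh file and rename it over the seed.
save_seed() {
    seed=$1
    (
        umask 077 || exit 1     # subshell keeps the umask change local
        tmp="$seed.new.$$"      # hypothetical temp name, same directory
        rm -f "$tmp"            # drop any stale temp file with a looser mode
        dd if=/dev/urandom of="$tmp" bs=512 count=1 2>/dev/null || exit 1
        mv -f "$tmp" "$seed"    # rename replaces the old inode and its mode
    )
}
```
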
