GNU bug report logs - #23605
/dev/urandom not seeded across reboots

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 23 May 2016 17:59:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #44 received at 23605 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 23605 <at> debbugs.gnu.org
Subject: Re: bug#23605: /dev/urandom not seeded across reboots
Date: Fri, 27 May 2016 21:12:01 -0400

On Tue, May 24, 2016 at 02:24:59PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> skribis:
> 
> > I realized that we don't seem to be saving any of the entropy in the
> > kernel's random pool [0] across reboots.
> >
> > This means that for some period after boot, /dev/urandom may not be safe
> > to use. From random(4):
> 
> Good catch!
> 
> Some comments:
> 
> > +(define %urandom-seed-activation
> > +  ;; Activation gexp for the urandom seed
> > +  #~(begin
> > +      (use-modules (guix build utils))
> > +
> > +      (mkdir-p "/var/run")
> > +      (close-port (open-file "/var/run/urandom-seed" "a0b"))
> 
> Or simply ‘open-output-file’.

I don't see a way to use (open-output-file) in "append" mode as with
(open-file).  Without that, the file is cleared before it is read in the
following lines.

This bug report was last modified 9 years and 54 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #23605 /dev/urandom not seeded across reboots

GNU bug report logs - #23605
/dev/urandom not seeded across reboots