[Bug 1652381] [NEW] systematic way to refresh the random-seed again and again
Launchpad Bug Tracker
1652381 at bugs.launchpad.net
Fri Dec 23 22:03:08 UTC 2016
*** This bug is a security vulnerability ***

You have been subscribed to a public security bug:

Background and rationale: There ought to be a nice systematic way to
refresh the random-seed again and again, while the system is running
normally, not just at boot time or at shutdown time.

Sometimes a system may crash without carrying out an orderly shutdown.
Indeed some systems never carry out an orderly shutdown; they run until
they die. Therefore all the reasons why it is important to refresh the
random-seed during shutdown are also good reasons for refreshing it from
time to time during normal operations ... not just at startup.

Desired behavior: The logical, systematic, traditional, and expected
way to refresh the seed would be either "systemctl start
systemd-random-seed" or equivalently "/etc/init.d/urandom start". The
command should happily run as many times as desired, and should refresh
the random-seed each time.

Observed behavior: "systemctl start systemd-random-seed" doesn't have
the desired effect. Apparently systemd considers the previous instance
of systemd-random-seed.service to be still active, so additional starts
don't do any good. Furthermore, "/etc/init.d/urandom start" has been
re-implemented in terms of "systemctl start systemd-random-seed", so
that doesn't work either.

This is a significant regression relative to the pre-systemd behavior.

Constructive suggestion. See attached patch. Recipe:

  :; systemctl start systemd-random-seed
  -- Observe that /var/lib/systemd/random-seed does not get refreshed.
  :; systemctl stop systemd-random-seed
  -- Apply the patch.
  :; systemctl daemon-reload
  :; systemctl start systemd-random-seed
  :; sleep 60
  :; systemctl start systemd-random-seed
  -- observe that the seed now does get refreshed.

There may be other ways of dealing with the issue, but this seems nice
and simple.

Tangent: In a non-essential way, this might touch on decisions about
how best to address https://bugs.launchpad.net/bugs/1651947

Digression: There is a policy question as to how often to refresh the
seed during normal operations. That is a question for another day.

-------------------

Observed on

  :; lsb_release -rd
  Description:    Ubuntu 16.04.1 LTS
  Release:        16.04

  :; apt-cache policy systemd
  systemd:
    Installed: 229-4ubuntu13
    Candidate: 229-4ubuntu13
    Version table:
   *** 229-4ubuntu13 500
          500 http://ubuntu.cs.utah.edu/ubuntu xenial-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       229-4ubuntu10 500
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
       229-4ubuntu4 500
          500 http://ubuntu.cs.utah.edu/ubuntu xenial/main amd64 Packages

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

--
systematic way to refresh the random-seed again and again
https://bugs.launchpad.net/bugs/1652381
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to systemd in Ubuntu.
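
Added example, not part of the bug report or its attached patch: a shell helper for the "observe" steps of the recipe above, which runs a command and reports whether the seed file's content actually changed. The function names are hypothetical; it assumes sha256sum is installed and that the caller can read the seed file (normally root).

```shell
#!/bin/sh
# Added example (not from the bug report or the attached patch).
# Checks whether running a command changes the content of a seed file.
# Function names are hypothetical; sha256sum is assumed to be available.

# seed_fingerprint FILE
# Prints a SHA-256 digest of FILE. Comparing digests avoids keeping a
# second copy of the (secret) seed on disk just to detect a change.
seed_fingerprint() {
    sha256sum < "$1" | cut -d' ' -f1
}

# seed_refreshed FILE CMD [ARGS...]
# Runs CMD and returns:
#   0  FILE content changed (the seed was refreshed)
#   1  FILE content is unchanged (the start was a no-op)
#   2  FILE is missing or unreadable
#   3  CMD itself failed
seed_refreshed() {
    seed_file=$1
    shift
    [ -r "$seed_file" ] || return 2
    before=$(seed_fingerprint "$seed_file") || return 2
    "$@" || return 3
    [ -r "$seed_file" ] || return 2
    after=$(seed_fingerprint "$seed_file") || return 2
    [ "$before" != "$after" ]
}

# Usage on the system from the report (run as root):
#   seed_refreshed /var/lib/systemd/random-seed \
#       systemctl start systemd-random-seed \
#     && echo "seed refreshed" || echo "seed NOT refreshed (rc=$?)"
```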