[Bug 1651947] Re: installer ought to install a proper random-seed
Dimitri John Ledkov
launchpad at surgut.co.uk
Mon Mar 13 08:07:13 UTC 2017
*** This bug is a duplicate of bug 1523199 ***
https://bugs.launchpad.net/bugs/1523199
It appears that this was fixed on 2016-02-24, in Bug #1523199. I will
mark this bug report as a duplicate.
Could you please clarify which installation media/releases you are
using?
** Changed in: livecd-rootfs (Ubuntu)
Status: Confirmed => Invalid
** This bug has been marked a duplicate of bug 1523199
Wily installer uses wrong seed location for systemd-random-seed.service
** Changed in: ubiquity (Ubuntu)
Status: Confirmed => Invalid
** Changed in: ubiquity (Ubuntu)
Milestone: ubuntu-17.03 => None
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/1651947
Title:
installer ought to install a proper random-seed
Status in livecd-rootfs package in Ubuntu:
Invalid
Status in ubiquity package in Ubuntu:
Invalid
Bug description:
Observed behavior: The Ubuntu "Live CD" installer creates
a file on the installee (i.e. target) filesystem called
/var/lib/systemd/random-seed
but alas it has zero length.
Desired behavior: The installer should copy 512 bytes from
the installer's /dev/urandom into the installee's
/var/lib/systemd/random-seed
Discussion: The newly installed system relies on that file
to initialize its random number generator. It might have
other ways of initializing, or it might not. An improperly
initialized RNG creates grave security problems.
There is no imaginable downside to doing this.
Remark: The Debian installer handles this better. It gives the
installee a nice
/var/lib/urandom/random-seed
file with 512 bytes of random content. It does not bother with
/var/lib/systemd/random-seed
at all.
The Ubuntu installer, in contrast, creates a directory
/var/lib/urandom
with no contents, i.e. no files at all. Perhaps this is vestigial.
Suggestion: The Ubuntu installer should:
a) not create that directory at all, or
b) create /var/lib/urandom/random-seed as a symlink to
../systemd/random-seed, or
c) put the actual data in /var/lib/urandom/random-seed --
which is the traditional and compatible place for it -- and
teach the systemd scripts to find it there.
Disclaimer: As a separate matter, it is important to ensure
that the installer system itself has a properly initialized RNG.
There are ways of doing so, but that is a topic for another day.
For present purposes, the point is only that the installer should
not make things worse. It should use whatever randomness it has
to initialize the installee system.
--------------------------------
Observed on a Live CD system:
:; lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
The package is:
:; apt-cache policy ubiquity
ubiquity:
  Installed: 2.21.63.2
  Candidate: 2.21.63.2
  Version table:
 *** 2.21.63.2 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.21.63 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
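The check and fix the bug description asks for, as an added example that is not part of the original message and is not the installer's own code: it classifies the target's /var/lib/systemd/random-seed (missing, zero length, short, or good) and, when needed, writes 512 bytes from the running system's /dev/urandom. The function names and the target-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and populate the seed file on an installed target.
# Function names and the target-root argument are hypothetical.

SEED_REL=var/lib/systemd/random-seed   # path named in the bug report
SEED_BYTES=512                         # size requested in the bug report

# Print one of: missing | empty | short:<n> | ok:<n>
seed_status() {
    seed="$1/$SEED_REL"
    if [ ! -f "$seed" ]; then
        echo missing
        return 0
    fi
    size=$(wc -c < "$seed" | tr -d ' ')
    if [ "$size" -eq 0 ]; then
        echo empty                     # the state the report observed
    elif [ "$size" -lt "$SEED_BYTES" ]; then
        echo "short:$size"
    else
        echo "ok:$size"
    fi
}

# Write SEED_BYTES from the running system's /dev/urandom into the target.
# Temp file plus rename, so an interrupted run never leaves a truncated
# seed; mode 0600 because the seed must not be readable by other users.
write_seed() {
    dir="$1/${SEED_REL%/*}"
    mkdir -p "$dir" || return 1
    tmp=$(umask 077; mktemp "$dir/.random-seed.XXXXXX") || return 1
    if head -c "$SEED_BYTES" /dev/urandom > "$tmp" \
        && [ "$(wc -c < "$tmp" | tr -d ' ')" -eq "$SEED_BYTES" ]; then
        chmod 600 "$tmp" && mv -f "$tmp" "$1/$SEED_REL"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Replace only a seed that is absent or too small; leave a good one alone.
ensure_seed() {
    case "$(seed_status "$1")" in
        ok:*) return 0 ;;
        *)    write_seed "$1" ;;
    esac
}
```

Calling `ensure_seed` with the mount point of the installed system as its argument performs the check and, if required, the write.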