From ac93390b032859dd49c94c96398ebdb497ba1a73 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 6 Aug 2018 15:52:45 +0200 Subject: [PATCH 1/2] random-seed: read the full seed file, even if it is larger than 512 byte Previously, we'd only ever read 512 byte from the random seed file, under the assumption we won't need more. With this change we'll read the full file, even if it is larger. The idea behind htis change is that people can dump additional data into the random seed file offline if they like, and it can be low quality, and we'll seed the pool with it anyway. Moreover, if people are paranoid and want us to save/restore a bigger seed, it's easy to do: just truncate the file to the right size and we'll save/restore as much in the future. This also reworks the file a bit, introducing two clear if blocks that load and that save the random seed, and that each are conditionalized more carefully. --- src/random-seed/random-seed.c | 90 ++++++++++++++++++++++------------- 1 file changed, 56 insertions(+), 34 deletions(-) diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c index 223b56306c..d25ee7d80a 100644 --- a/src/random-seed/random-seed.c +++ b/src/random-seed/random-seed.c @@ -15,15 +15,17 @@ #include "util.h" #define POOL_SIZE_MIN 512 +#define POOL_SIZE_MAX (10*1024*1024) int main(int argc, char *argv[]) { _cleanup_close_ int seed_fd = -1, random_fd = -1; + bool read_seed_file, write_seed_file; _cleanup_free_ void* buf = NULL; size_t buf_size = 0; + struct stat st; ssize_t k; - int r, open_rw_error; FILE *f; - bool refresh_seed_file = true; + int r; if (argc != 2) { log_error("This program requires one argument."); @@ -46,31 +48,25 @@ int main(int argc, char *argv[]) { fclose(f); } - if (buf_size <= POOL_SIZE_MIN) + if (buf_size < POOL_SIZE_MIN) buf_size = POOL_SIZE_MIN; - buf = malloc(buf_size); - if (!buf) { - r = log_oom(); - goto finish; - } - r = mkdir_parents_label(RANDOM_SEED, 0755); if (r < 0) { log_error_errno(r, "Failed to create directory " RANDOM_SEED_DIR ": %m"); goto finish; } - /* When we load the seed we read it and write it to the device - * and then immediately update the saved seed with new data, - * to make sure the next boot gets seeded differently. */ + /* When we load the seed we read it and write it to the device and then immediately update the saved seed with + * new data, to make sure the next boot gets seeded differently. */ if (streq(argv[1], "load")) { + int open_rw_error; seed_fd = open(RANDOM_SEED, O_RDWR|O_CLOEXEC|O_NOCTTY|O_CREAT, 0600); open_rw_error = -errno; if (seed_fd < 0) { - refresh_seed_file = false; + write_seed_file = false; seed_fd = open(RANDOM_SEED, O_RDONLY|O_CLOEXEC|O_NOCTTY); if (seed_fd < 0) { @@ -85,10 +81,13 @@ int main(int argc, char *argv[]) { goto finish; } - } + } else + write_seed_file = true; random_fd = open("/dev/urandom", O_RDWR|O_CLOEXEC|O_NOCTTY, 0600); if (random_fd < 0) { + write_seed_file = false; + random_fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY, 0600); if (random_fd < 0) { r = log_error_errno(errno, "Failed to open /dev/urandom: %m"); @@ -96,6 +95,48 @@ int main(int argc, char *argv[]) { } } + read_seed_file = true; + + } else if (streq(argv[1], "save")) { + + random_fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY); + if (random_fd < 0) { + r = log_error_errno(errno, "Failed to open /dev/urandom: %m"); + goto finish; + } + + seed_fd = open(RANDOM_SEED, O_WRONLY|O_CLOEXEC|O_NOCTTY|O_CREAT, 0600); + if (seed_fd < 0) { + r = log_error_errno(errno, "Failed to open " RANDOM_SEED ": %m"); + goto finish; + } + + read_seed_file = false; + write_seed_file = true; + + } else { + log_error("Unknown verb '%s'.", argv[1]); + r = -EINVAL; + goto finish; + } + + if (fstat(seed_fd, &st) < 0) { + r = log_error_errno(errno, "Failed to stat() seed file " RANDOM_SEED ": %m"); + goto finish; + } + + /* If the seed file is larger than what we expect, then honour the existing size and save/restore as much as it says */ + if ((uint64_t) st.st_size > buf_size) + buf_size = MIN(st.st_size, POOL_SIZE_MAX); + + buf = malloc(buf_size); + if (!buf) { + r = log_oom(); + goto finish; + } + + if (read_seed_file) { + k = loop_read(seed_fd, buf, buf_size, false); if (k < 0) r = log_error_errno(k, "Failed to read seed from " RANDOM_SEED ": %m"); @@ -109,28 +150,9 @@ int main(int argc, char *argv[]) { if (r < 0) log_error_errno(r, "Failed to write seed to /dev/urandom: %m"); } - - } else if (streq(argv[1], "save")) { - - seed_fd = open(RANDOM_SEED, O_WRONLY|O_CLOEXEC|O_NOCTTY|O_CREAT, 0600); - if (seed_fd < 0) { - r = log_error_errno(errno, "Failed to open " RANDOM_SEED ": %m"); - goto finish; - } - - random_fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY); - if (random_fd < 0) { - r = log_error_errno(errno, "Failed to open /dev/urandom: %m"); - goto finish; - } - - } else { - log_error("Unknown verb '%s'.", argv[1]); - r = -EINVAL; - goto finish; } - if (refresh_seed_file) { + if (write_seed_file) { /* This is just a safety measure. Given that we are root and * most likely created the file ourselves the mode and owner From 8ba12aef045ba1a766a73f535a114781dbb763c2 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 6 Aug 2018 15:58:16 +0200 Subject: [PATCH 2/2] random-seed: write the machine ID into /dev/urandom as well This is some extra protection for sloppy "golden master" systems, where images are duplicated many times but the random seed is not deleted (or reset for each copy). That golden master systems have to reset /etc/machine-id is better known, and easier to notice (as having the same ID will result in address conflicts and suchlike quite often). Hence let's write the machine ID into /dev/urandom, in case it has been initialized and unlikely the stored random seed has been provisioned differently on each image. Note that we don't credit the entropy either way, hence in the case there's a cycle of a) generating the machine-id early at boot and b) writing it back into /dev/urandom late at boot it shouldn't matter. It's never going to make things worse, just in a few cases better. --- src/random-seed/random-seed.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c index d25ee7d80a..f634625665 100644 --- a/src/random-seed/random-seed.c +++ b/src/random-seed/random-seed.c @@ -6,6 +6,8 @@ #include #include +#include "sd-id128.h" + #include "alloc-util.h" #include "fd-util.h" #include "io-util.h" @@ -136,6 +138,8 @@ int main(int argc, char *argv[]) { } if (read_seed_file) { + sd_id128_t mid; + int z; k = loop_read(seed_fd, buf, buf_size, false); if (k < 0) @@ -150,6 +154,21 @@ int main(int argc, char *argv[]) { if (r < 0) log_error_errno(r, "Failed to write seed to /dev/urandom: %m"); } + + /* Let's also write the machine ID into the random seed. Why? As an extra protection against "golden + * images" that are put together sloppily, i.e. images which are duplicated on multiple systems but + * where the random seed file is not properly reset. Frequently the machine ID is properly reset on + * those systems however (simply because it's easier to notice, if it isn't due to address clashes and + * so on, while random seed equivalence is generally not noticed easily), hence let's simply write the + * machined ID into the random pool too. */ + z = sd_id128_get_machine(&mid); + if (z < 0) + log_debug_errno(z, "Failed to get machine ID, ignoring: %m"); + else { + z = loop_write(random_fd, &mid, sizeof(mid), false); + if (z < 0) + log_debug_errno(z, "Failed to write machine ID to /dev/urandom, ignoring: %m"); + } } if (write_seed_file) {