/etc/init.d/urandom is in initscripts 2.88dsf-41+deb7u1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 | #! /bin/sh
### BEGIN INIT INFO
# Provides: urandom
# Required-Start: $local_fs $time
# Required-Stop: $local_fs
# Default-Start: S
# Default-Stop: 0 6
# Short-Description: Save and restore random seed between restarts.
# Description: This script saves the random seed between restarts.
# It is called from the boot, halt and reboot scripts.
### END INIT INFO
## Assumption 1: We assume $SAVEDFILE is a file (or a symlink
## to a file) that resides on a non-volatile medium that persists
## across reboots.
## Case 1a: Ideally, it is readable and writeable. Its is unshared,
## i.e. its contents are unique to this machine. It is protected so
## that its contents are not known to attackers.
## Case 1b: Less than ideally, it is read-only. Its contents are
## unique to this machine and not known to attackers.
SAVEDFILE=/var/lib/urandom/random-seed
[ -c /dev/urandom ] || exit 0
PATH=/sbin:/bin
if ! POOLBYTES=$((
($(cat /proc/sys/kernel/random/poolsize 2>/dev/null) + 7) / 8
)) ; then
POOLBYTES=512
fi
. /lib/init/vars.sh
. /lib/lsb/init-functions
do_status () {
if [ -f $SAVEDFILE ] ; then
return 0
else
return 4
fi
}
case "$1" in
start|"")
[ "$VERBOSE" = no ] || log_action_begin_msg "Initializing random number generator"
# Seed the RNG with date and time.
# This is helpful in the less-than-ideal case where $SAVEDFILE
# is read-only.
# The value of this is greatly reduced if $SAVEDFILE is missing,
# or its contents are shared machine-to-machine or known to
# attackers (since they might well know at what time this
# machine booted up).
(
date +%s.%N
# Load and then save $POOLBYTES bytes,
# which is the size of the entropy pool
if [ -f "$SAVEDFILE" ]
then
cat "$SAVEDFILE"
fi
# Redirect output of subshell (not individual commands)
# to cope with a misfeature in the FreeBSD (not Linux)
# /dev/random, where every superuser write/close causes
# an explicit reseed of the yarrow.
) >/dev/urandom
# Write a new seed into $SAVEDFILE because re-using a seed
# compromises security. Each time we re-seed, we want the
# seed to be as different as possible.
# Write it now, in case the machine crashes without doing
# an orderly shutdown.
# The write will fail if $SAVEDFILE is read-only, but it
# doesn't hurt to try.
umask 077
dd if=/dev/urandom of=$SAVEDFILE bs=$POOLBYTES count=1 >/dev/null 2>&1
ES=$?
umask 022
[ "$VERBOSE" = no ] || log_action_end_msg $ES
;;
stop)
# Carry a random seed from shut-down to start-up;
# Write it on shutdown, in case the one written at startup
# has been lost, snooped, or otherwise compromised.
# see documentation in linux/drivers/char/random.c
[ "$VERBOSE" = no ] || log_action_begin_msg "Saving random seed"
umask 077
dd if=/dev/urandom of=$SAVEDFILE bs=$POOLBYTES count=1 >/dev/null 2>&1
ES=$?
[ "$VERBOSE" = no ] || log_action_end_msg $ES
;;
status)
do_status
exit $?
;;
restart|reload|force-reload)
echo "Error: argument '$1' not supported" >&2
exit 3
;;
*)
echo "Usage: urandom start|stop" >&2
exit 3
;;
esac
:
|