This file is indexed.

/etc/init.d/urandom is in initscripts 2.88dsf-41+deb7u1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#! /bin/sh
### BEGIN INIT INFO
# Provides:          urandom
# Required-Start:    $local_fs $time
# Required-Stop:     $local_fs
# Default-Start:     S
# Default-Stop:      0 6
# Short-Description: Save and restore random seed between restarts.
# Description:       This script saves the random seed between restarts.
#                    It is called from the boot, halt and reboot scripts.
### END INIT INFO

## Assumption 1:  We assume $SAVEDFILE is a file (or a symlink
## to a file) that resides on a non-volatile medium that persists
## across reboots.
## Case 1a: Ideally, it is readable and writeable.  It is unshared,
## i.e. its contents are unique to this machine.  It is protected so
## that its contents are not known to attackers.
## Case 1b: Less than ideally, it is read-only.  Its contents are
## unique to this machine and not known to attackers.
##
## Path of the persisted seed.  Every start/stop/status action below
## reads or writes this one file.
SAVEDFILE=/var/lib/urandom/random-seed

# Nothing to seed if /dev/urandom is not a character device; exit 0 so
# that boot is not reported as failed.
[ -c /dev/urandom ] || exit 0

# Pin the search path to the system directories so that the external
# commands used below (cat, date, dd) are not resolved through an
# inherited PATH.
PATH=/sbin:/bin
# Seed size in bytes: the kernel-reported pool size, rounded up by
# (n + 7) / 8 (random(4) documents poolsize in bits on Linux 2.6+).
# Falls back to 512 when the assignment reports failure.
# NOTE(review): this relies on the assignment's exit status reflecting
# a failed cat inside the arithmetic expansion -- confirm on the
# target /bin/sh.
if ! POOLBYTES=$((
  ($(cat /proc/sys/kernel/random/poolsize 2>/dev/null) + 7) / 8
)) ; then
  POOLBYTES=512
fi
# Presumably defines $VERBOSE, which the case branches test -- verify
# against /lib/init/vars.sh.
. /lib/init/vars.sh

# Presumably provides log_action_begin_msg / log_action_end_msg used
# below -- verify against /lib/lsb/init-functions.
. /lib/lsb/init-functions

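# Report whether a saved random seed is present.
# Globals:  SAVEDFILE (read) - path of the persisted seed file
# Returns:  0 if $SAVEDFILE is a regular file (or a symlink to one),
#           4 otherwise (LSB "status unknown").
do_status () {
	# Quoted so the path is always tested as a single operand.  Unquoted,
	# an empty value collapses to `[ -f ]`, which is true and would
	# report a seed that does not exist; a path containing whitespace
	# would make the test error out instead.
	if [ -f "$SAVEDFILE" ] ; then
		return 0
	else
		return 4
	fi
}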

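# Dispatch on the init action.  An empty argument is treated as "start".
# Globals:  SAVEDFILE, POOLBYTES, VERBOSE (read); ES (written)
# Exit:     0 after start/stop (even if the seed could not be written),
#           do_status's code for status, 3 for unsupported arguments.
case "$1" in
  start|"")
	[ "$VERBOSE" = no ] || log_action_begin_msg "Initializing random number generator"
	# Seed the RNG with date and time.
	# This is helpful in the less-than-ideal case where $SAVEDFILE
	# is read-only.
	# The value of this is greatly reduced if $SAVEDFILE is missing,
	# or its contents are shared machine-to-machine or known to
	# attackers (since they might well know at what time this
	# machine booted up).
	# Per random(4), data written to /dev/urandom is mixed into the
	# pool but does not raise the kernel's entropy count.
	(
	  date +%s.%N

	  # Feed the saved seed back in.  This script writes it as a single
	  # $POOLBYTES-byte block, the size of the entropy pool.
	  if [ -f "$SAVEDFILE" ]
	  then
		  cat "$SAVEDFILE"
	  fi
	# Redirect output of subshell (not individual commands)
	# to cope with a misfeature in the FreeBSD (not Linux)
	# /dev/random, where every superuser write/close causes
	# an explicit reseed of the yarrow.
	) >/dev/urandom

	# Write a new seed into $SAVEDFILE because re-using a seed
	# compromises security.  Each time we re-seed, we want the
	# seed to be as different as possible.
	# Write it now, in case the machine crashes without doing
	# an orderly shutdown.
	# The write will fail if $SAVEDFILE is read-only, but it
	# doesn't hurt to try.
	# NOTE(review): umask 077 only takes effect when dd has to create
	# the file.  A seed file that already exists keeps its current
	# mode, so its permissions need to be checked separately.
	umask 077
	dd if=/dev/urandom of="$SAVEDFILE" bs="$POOLBYTES" count=1 >/dev/null 2>&1
	ES=$?
	# Restore the usual creation mask for anything that runs after us.
	umask 022
	[ "$VERBOSE" = no ] || log_action_end_msg "$ES"
	;;
  stop)
	# Carry a random seed from shut-down to start-up;
	# Write it on shutdown, in case the one written at startup
	# has been lost, snooped, or otherwise compromised.
	# see documentation in linux/drivers/char/random.c
	[ "$VERBOSE" = no ] || log_action_begin_msg "Saving random seed"
	# The umask is not restored on this path; the script ends right
	# after the case statement.  The same caveat about a pre-existing
	# file's mode applies here as in the start branch.
	umask 077
	dd if=/dev/urandom of="$SAVEDFILE" bs="$POOLBYTES" count=1 >/dev/null 2>&1
	ES=$?
	[ "$VERBOSE" = no ] || log_action_end_msg "$ES"
	;;
  status)
	# Exit with do_status's code: 0 if the seed file exists, else 4.
	do_status
	exit $?
	;;
  restart|reload|force-reload)
	echo "Error: argument '$1' not supported" >&2
	exit 3
	;;
  *)
	echo "Usage: urandom start|stop" >&2
	exit 3
	;;
esac

# Reached only from start/stop: force a zero exit status so that a failed
# seed write (reported through log_action_end_msg) does not fail the
# boot or shutdown sequence.
: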