> > > Whilst likely not a major issue, I also started to wonder, whilst
> > > reading man rc.shutdown, if a daemon or other process could potentially
> > > use /dev/urandom between saving the seed and shutdown, so could/should
> > > the random.seed be saved a little later, after /etc/rc.shutdown runs?
> >
> >
> > that doesn't matter.
>
> Ok cool, no "should", but is there any reason not to make it easier for RO
> setups by moving the random.seed to after rc.shutdown runs? Would a
> patch for rc and the man page be welcome?
Index: src/etc/rc
===================================================================
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.474
diff -u -p -r1.474 rc
--- src/etc/rc 29 Dec 2015 19:41:24 -0000 1.474
+++ src/etc/rc 6 Apr 2016 16:09:18 -0000
@@ -211,13 +211,6 @@ FUNCS_ONLY=1 . /etc/rc.d/rc.subr
_rc_parse_conf
if [[ $1 == shutdown ]]; then
- if echo 2>/dev/null >>/var/db/host.random || \
- echo 2>/dev/null >>/etc/random.seed; then
- random_seed
- else
- echo warning: cannot write random seed to disk
- fi
-
# If we are in secure level 0, assume single user mode.
if (($(sysctl -n kern.securelevel) == 0)); then
echo 'single user: not running shutdown scripts'
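Review bot: removing the seed save from the top of the shutdown branch means anything that fails or hangs between this point and wherever the block is re-added (stopping the package daemons, /etc/rc.shutdown) now also costs the seed write that previously happened first; that trade-off is the whole point of the patch, but it should be stated in the commit message so the change in failure behaviour is on record. The removed `echo warning: cannot write random seed to disk` and the `/var/db/host.random` then `/etc/random.seed` fallback order should be carried over unchanged when the block is relocated.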
@@ -234,6 +227,13 @@ if [[ $1 == shutdown ]]; then
fi
[[ -f /etc/rc.shutdown ]] && sh /etc/rc.shutdown
+ fi
+
+ if echo 2>/dev/null >>/var/db/host.random || \
+ echo 2>/dev/null >>/etc/random.seed; then
+ random_seed
+ else
+ echo warning: cannot write random seed to disk
fi
# Bring carp interfaces down gracefully.
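Review bot: the added `fi` closes the securelevel else-branch before the seed block, and the existing `fi` context line is reused to close the new `if`, so the seed is still written on the single-user path (`not running shutdown scripts`), matching the old behaviour; worth confirming explicitly in the commit message since the reuse of the context `fi` makes that easy to misread. The one behavioural change is that a slow or stuck /etc/rc.shutdown now delays the seed write until it returns, which is intended but deserves a sentence in the man page.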
Index: src/share/man/man8/rc.shutdown.8
===================================================================
RCS file: /cvs/src/share/man/man8/rc.shutdown.8,v
retrieving revision 1.14
diff -u -p -r1.14 rc.shutdown.8
--- src/share/man/man8/rc.shutdown.8 14 Jul 2014 09:14:11 -0000 1.14
+++ src/share/man/man8/rc.shutdown.8 6 Apr 2016 16:06:10 -0000
@@ -49,9 +49,7 @@ This document details the actions taken
.Xr rc 8
in such an instance.
.Pp
-Firstly it saves random data for reseeding the kernel random number
-generator during the next boot.
-It then stops any daemons
+Firstly it stops any daemons
defined in the
.Va pkg_scripts
variable in
@@ -65,6 +63,9 @@ then runs
.Nm .
The administrator should place in this file
any commands they wish to have executed during shutdown.
+.Pp
+Next it saves random data for reseeding the kernel random number
+generator during the next boot.
.Pp
Finally, all
.Xr carp 4
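Review bot: the new paragraph says the seed is saved but not where; since the motivation in this thread is read-only root, consider naming the files rc(8) tries in order (`/var/db/host.random`, then `/etc/random.seed`) so an administrator knows which path must be writable, and mentioning that the `warning: cannot write random seed to disk` message is printed when neither can be written.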
--
KISSIS - Keep It Simple So It's Securable