[Buildroot] [PATCH] system/permissions: /etc/random-seed must be mode 600

Gustavo Zacarias gustavo at zacarias.com.ar
Thu Nov 20 21:58:23 UTC 2014


On 11/20/2014 06:27 PM, Jérôme Pouiller wrote:
> Just out of curiosity, does it make sense to provide a random seed? I mean, it is not
> very random, is it?

I have another patch that creates random-seed at build-time that I'm
testing.
That's not too good either since it's fixed "per firmware image" so to
speak, but at least it's better than an easily downloadable fixed seed
from many mirrors :)
The problem with mode 744 (currently) is that anyone can read the seed,
which as we know is fixed for now, but they can also read the evolved
seed too _IF_ the box/device shuts down properly.
I guess it's time to write some best practices documentation. In this
aspect we can't cover for all the varying possibilities, I'm afraid.
Ideally a separate partition/eeprom would contain the seed so as to make
it unique to each device and firmware-independent.
And no, using the device MAC address/serial number for this isn't that
good :)
Regards.
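
The permission point in the message above, as an added example that is not part of the original post or of Buildroot's init scripts: shell helpers that verify a seed file has no group/other bits, tighten it before use, and save the evolved seed without ever exposing it. The function names are hypothetical and all paths are passed as arguments (on a device they would be /etc/random-seed and /dev/urandom).

```shell
#!/bin/sh
# Added example: hypothetical helpers, not Buildroot's own code.

# Succeeds only if FILE has no group/other permission bits (e.g. 600 or 400).
# Characters 5-10 of the ls mode string are the group and other triplets.
seed_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Boot side: tighten a loosely-permissioned seed, then feed it to POOL.
# POOL is an argument so this can be exercised against a plain file.
load_seed() {
    seed=$1
    pool=$2
    [ -f "$seed" ] || return 1
    seed_is_private "$seed" || chmod 600 "$seed" || return 1
    cat "$seed" > "$pool"
}

# Shutdown side: write the evolved seed under umask 077 to a temporary
# file and rename it, so the new seed is never readable by group/other,
# not even between creation and a later chmod.
save_seed() {
    src=$1
    seed=$2
    (
        umask 077
        dd if="$src" of="$seed.tmp" bs=512 count=1 2>/dev/null &&
        chmod 600 "$seed.tmp" &&
        mv -f "$seed.tmp" "$seed"
    )
}
```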



