Re: rngd read errors at boot time

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

first: don't use reply-all on mailing-lists for a lot of reasons!

Am 02.07.2015 um 04:37 schrieb Brandon Vincent (Student):
> I would have to disagree with you. I get the exact issues in the bug > report on a Sandy Bridge machine without a HRNG (no rdrand extension)
if there is no entropy source exists rngd would exit after a lot of more than 3 messages - period 

[root@buildserver:~]$ systemctl status rngd.service
● rngd.service - Entropy Daemon (Hardware RNG)
Loaded: loaded (/etc/systemd/system/rngd.service; disabled)
Active: inactive (dead) since Do 2015-07-02 09:28:15 CEST; 24s ago
Process: 8052 ExecStart=/sbin/rngd --no-tpm=1 -f (code=exited, status=0/SUCCESS) 
Main PID: 8052 (code=exited, status=0/SUCCESS)

Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: No entropy sources working, exiting rngd 
[root@buildserver:~]$ ps aux | grep rngd
[root@buildserver:~]$

> A default install of Fedora 22 has the rngd service enabled and
> it actively searches for /dev/hwrng.
bad decision - haveged would have been the better one because it is independent of hardware and there are distributions inculding it even in the initrd 

> This is obviously bad error handling and not a security issue
i never pretened the opposite and frankly even did not realize that this was postet to the security-list at all

Attachment: signature.asc
Description: OpenPGP digital signature

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux