first: don't use reply-all on mailing-lists for a lot of reasons!
On 02.07.2015 at 04:37, Brandon Vincent (Student) wrote:
> I would have to disagree with you. I get the exact issues in the bug
> report on a Sandy Bridge machine without a HRNG (no rdrand extension)
if no entropy source exists, rngd would exit after a lot more
than 3 messages - period
[root@buildserver:~]$ systemctl status rngd.service
● rngd.service - Entropy Daemon (Hardware RNG)
   Loaded: loaded (/etc/systemd/system/rngd.service; disabled)
   Active: inactive (dead) since Do 2015-07-02 09:28:15 CEST; 24s ago
  Process: 8052 ExecStart=/sbin/rngd --no-tpm=1 -f (code=exited, status=0/SUCCESS)
 Main PID: 8052 (code=exited, status=0/SUCCESS)

Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: read error
Jul 02 09:28:15 buildserver.thelounge.net rngd[8052]: No entropy sources working, exiting rngd
[root@buildserver:~]$ ps aux | grep rngd
[root@buildserver:~]$
> A default install of Fedora 22 has the rngd service enabled and
> it actively searches for /dev/hwrng.
bad decision - haveged would have been the better one because it is
independent of hardware and there are distributions including it even in
the initrd
> This is obviously bad error handling and not a security issue
i never pretended the opposite and frankly did not even realize that this
was posted to the security-list at all