[systemd-devel] should random seeds go into /var/cache?
Lennart Poettering
lennart at poettering.net
Mon May 2 09:19:37 UTC 2022
On So, 01.05.22 12:28, Jason A. Donenfeld (Jason at zx2c4.com) wrote:
> Hey,
>
> I've been working on my small seedrng utility, which is more or less
> the same thing as systemd-random-seed.service, with a few unimportant
> design differences here and there. As I'd worked with
> systemd-random-seed.service quite a bit before, its choices comprised
> much of my mental model starting out.
>
> One of the things I did like systemd-random-seed.service without
> really thinking too much about it is I made use of /var/lib/seedrng/,
> just as systemd uses /var/lib/systemd/random-seed/. Seems reasonable
> enough I guess. But I was thinking: wouldn't /var/cache/{blah}/ be the
> better for this? Seeds are supposed to be somewhat volatile, and
> shouldn't be copied between images, and the default behavior of
> /var/lib is usually to be copied, whereas /var/cache usually isn't.
> There's also /var/tmp too, right? Which is supposed to be never a
> tmpfs or something? But "cache" seems a bit more fitting than
> "temporary".
/var/tmp/ is definitely the wrong place: it's a shared namespace, thus
any unprivileged code can put stuff there, and fight for the file name
of the random seed. At best that's a DoS, at worst this will poison
the RNG pool, since unpriv code gets control on how to seed it.
> Anyway, I'm not really sure what makes the most sense, and it seems
> like FHS placement is more of an art than a science. I don't think I'm
> super far off, though, in at least wondering whether random seeds
> belong in /var/cache rather than /var/lib.
>
> Does anybody have opinions on this? Should I just submit a PR moving
> the systemd seeds to /var/cache and see what happens?
I think /var/cache/ is not the right place, because of the weak
persistency guarantees on it. i.e. /var/cache/ much like /var/tmp/
means "hey, please keep this, but it's OK if you don't". I think
that's too little though for the random seed, because if the random
seed is not kept it's entirely useless. There is no need to keep a
random seed in the file system if it would be flushed out on each
boot...
/var/lib/ otoh sounds much more appropriate as it means "please keep
this", and that's exactly the persistence requirement we want here.
Lennart
--
Lennart Poettering, Berlin
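The two properties the thread weighs, whether a location is a shared namespace any local user can write into and whether the filesystem hierarchy promises to keep what is stored there, can be checked before a seed is ever written. The script below is an added example, not code from this thread, systemd or seedrng; it assumes GNU coreutils stat(1) and head(1) and a Linux-style FHS layout, and the seedrng directory names are illustrative. It generalizes slightly beyond the thread by treating /tmp the same as /var/tmp, since both are world-writable shared namespaces.

```sh
#!/bin/sh
# Added example (not from the thread, systemd or seedrng). Assumes GNU stat/head.

# Where in the FHS does a path fall, judged by the properties discussed above?
# Prints one of:
#   shared-namespace  (/tmp, /var/tmp: any local user can claim the file name first)
#   weak-persistence  (/var/cache: may be dropped, which makes a seed useless)
#   persistent        (/var/lib: "please keep this")
#   other
seed_path_class() {
    case $1 in
        /tmp|/tmp/*|/var/tmp|/var/tmp/*) echo "shared-namespace" ;;
        /var/cache|/var/cache/*)         echo "weak-persistence" ;;
        /var/lib|/var/lib/*)             echo "persistent" ;;
        *)                               echo "other" ;;
    esac
}

# Check that an existing directory is private to the expected owner, so no other
# principal can plant or replace the seed file. Prints one verdict; returns 0 only
# for "ok".  $1 = directory, $2 = expected owner uid (default 0 = root)
seed_dir_check() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "missing"; return 1; }
    mode=$(stat -c '%a' "$dir") || { echo "stat-failed"; return 1; }
    uid=$(stat -c '%u' "$dir")  || { echo "stat-failed"; return 1; }

    # Keep only the rwx digits: a leading sticky/setuid/setgid digit is dropped
    # (1777 -> 777), so /var/tmp-style directories are judged by their rwx bits.
    perm=$(printf '%s' "$mode" | tail -c 3)
    grp=$(printf '%s' "$perm" | cut -c2)
    oth=$(printf '%s' "$perm" | cut -c3)
    # A write bit for group or others means someone else can win the race for the name.
    case "$grp$oth" in
        *[2367]*) echo "writable-by-others"; return 1 ;;
    esac

    [ "$uid" = "$want_uid" ] || { echo "wrong-owner"; return 1; }
    echo "ok"
}

# Write a fresh seed into an already-checked directory: private mode (umask 077),
# written under a temporary name and renamed, so a crash never leaves a truncated
# seed in place.  $1 = directory, $2 = seed size in bytes (default 512)
seed_write() {
    dir=$1
    size=${2:-512}
    (
        umask 077
        head -c "$size" /dev/urandom > "$dir/.seed.tmp" &&
        mv -f "$dir/.seed.tmp" "$dir/seed"
    ) || return 1
    [ "$(stat -c '%s' "$dir/seed")" -eq "$size" ]
}

# Demo with the three locations the thread compares (constructed paths; the
# directory check reports "missing" on a machine where they do not exist).
for d in /var/lib/seedrng /var/cache/seedrng /var/tmp/seedrng; do
    printf '%-20s class=%-16s dir=%s\n' "$d" "$(seed_path_class "$d")" "$(seed_dir_check "$d")"
done
```

The path classification is deliberately separate from the permission check: a directory under /var/lib with a sane owner can still be mode 1777 by accident, and /var/tmp would pass a pure persistence test on many systems even though it fails the namespace test that matters.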