1564. [func] Attempt to provide a fallback entropy source to be

used if named is running chrooted and named is unable to open entropy source within the chroot area. [RT #10133]
2025-08-30 05:57:52 +00:00 · 2004-01-27 02:13:22 +00:00 · 2004-01-27 02:13:22 +00:00 · f8dfdef682
commit f8dfdef682
parent b3d3e57841
4 changed files with 53 additions and 3 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+1564.	[func]		Attempt to provide a fallback entropy source to be
+			used if named is running chrooted and named is unable
+			to open entropy source within the chroot area.
+			[RT #10133]
+
 1563.	[bug]		Gracefully fail when unable to obtain neither an IPv4
 			nor an IPv6 dispatch. [RT #10230]

--- a/bin/named/include/named/globals.h
+++ b/bin/named/include/named/globals.h
@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: globals.h,v 1.62 2003/07/25 02:22:23 marka Exp $ */
+/* $Id: globals.h,v 1.63 2004/01/27 02:13:22 marka Exp $ */

 #ifndef NAMED_GLOBALS_H
 #define NAMED_GLOBALS_H 1
@ -45,6 +45,8 @@ EXTERN unsigned int		ns_g_cpus		INIT(0);
 EXTERN isc_taskmgr_t *		ns_g_taskmgr		INIT(NULL);
 EXTERN dns_dispatchmgr_t *	ns_g_dispatchmgr	INIT(NULL);
 EXTERN isc_entropy_t *		ns_g_entropy		INIT(NULL);
+EXTERN isc_entropy_t *		ns_g_fallbackentropy	INIT(NULL);
+
 /*
 * XXXRTH  We're going to want multiple timer managers eventually.  One
 *         for really short timers, another for client timers, and one
--- a/bin/named/main.c
+++ b/bin/named/main.c
@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: main.c,v 1.133 2004/01/07 06:17:04 marka Exp $ */
+/* $Id: main.c,v 1.134 2004/01/27 02:13:22 marka Exp $ */

 #include <config.h>

@ -511,6 +511,9 @@ destroy_managers(void) {
 	ns_lwresd_shutdown();

 	isc_entropy_detach(&ns_g_entropy);
+	if (ns_g_fallbackentropy != NULL)
+		isc_entropy_detach(&ns_g_fallbackentropy);
+
 	/*
 	 * isc_taskmgr_destroy() will block until all tasks have exited,
 	 */
@ -544,6 +547,29 @@ setup(void) {

 	ns_os_opendevnull();

+#ifdef PATH_RANDOMDEV
+	/*
+	 * Initialize system's random device as fallback entropy source
+	 * if running chroot'ed.
+	 */
+	if (ns_g_chrootdir != NULL) {
+		result = isc_entropy_create(ns_g_mctx, &ns_g_fallbackentropy);
+		if (result != ISC_R_SUCCESS)
+			ns_main_earlyfatal("isc_entropy_create() failed: %s",
+					   isc_result_totext(result));
+
+		result = isc_entropy_createfilesource(ns_g_fallbackentropy,
+						      PATH_RANDOMDEV);
+		if (result != ISC_R_SUCCESS) {
+			ns_main_earlywarning("could not open pre-chroot "
+					     "entropy source %s: %s",
+					     PATH_RANDOMDEV,
+					     isc_result_totext(result));
+			isc_entropy_detach(&ns_g_fallbackentropy);
+		}
+	}
+#endif
+
 	ns_os_chroot(ns_g_chrootdir);

 	/*
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: server.c,v 1.410 2004/01/27 01:19:41 marka Exp $ */
+/* $Id: server.c,v 1.411 2004/01/27 02:13:22 marka Exp $ */

 #include <config.h>

@ -2358,6 +2358,23 @@ load_configuration(const char *filename, ns_server_t *server,
 					      "%s: %s",
 					      randomdev,
 					      isc_result_totext(result));
+#ifdef PATH_RANDOMDEV
+			if (ns_g_fallbackentropy != NULL) {
+				if (result != ISC_R_SUCCESS) {
+					isc_log_write(ns_g_lctx,
+						      NS_LOGCATEGORY_GENERAL,
+						      NS_LOGMODULE_SERVER,
+						      ISC_LOG_INFO,
+						      "using pre-chroot entropy source "
+						      "%s",
+						      PATH_RANDOMDEV);
+					isc_entropy_detach(&ns_g_entropy);
+					isc_entropy_attach(ns_g_fallbackentropy,
+							   &ns_g_entropy);
+				}
+				isc_entropy_detach(&ns_g_fallbackentropy);
+			}
+#endif
 		}
 	}