Bug #292239: Make remix of /dev/urandom optional.

(Portage version: 2.2_rc75/cvs/Linux x86_64)

2 files changed, 9 insertions, 3 deletions

diff --git a/sys-apps/rng-tools/files/2-r2/rngd b/sys-apps/rng-tools/files/2-r2/rngd
index 8d8cb2c07f3f..76ac703069bc 100644
--- a/sys-apps/rng-tools/files/2-r2/rngd
+++ b/sys-apps/rng-tools/files/2-r2/rngd
@@ -1,7 +1,7 @@
 #!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2010 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/files/2-r2/rngd,v 1.1 2009/11/10 03:15:06 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/files/2-r2/rngd,v 1.2 2010/09/15 08:36:14 robbat2 Exp $
 
 depend() {
 	need localmount
@@ -10,8 +10,9 @@ depend() {
 
 BINARY=/usr/sbin/rngd
 # Do NOT add /dev/tpm to this.
-DEFAULT_DEVICE="/dev/hw_random* /dev/hwrandom* /dev/i810_rng /dev/hwrng* /dev/urandom"
+DEFAULT_DEVICE="/dev/hw_random* /dev/hwrandom* /dev/i810_rng /dev/hwrng*"
 DEFAULT_TPM_DEVICE="/dev/tpm*"
+[ $DO_NOT_REMIX_URANDOM -eq 0 ] && DEFAULT_DEVICE="${DEFAULT_DEVICE} /dev/urandom"
 
 find_device() {
 	# The echo is to cause globbing
diff --git a/sys-apps/rng-tools/files/2-r2/rngd-conf b/sys-apps/rng-tools/files/2-r2/rngd-conf
index d6efc7466f5c..0702ece0ae14 100644
--- a/sys-apps/rng-tools/files/2-r2/rngd-conf
+++ b/sys-apps/rng-tools/files/2-r2/rngd-conf
@@ -20,3 +20,8 @@ NO_TPM=0
 # Fill watermark
 # 0 <= n <= 4096
 WATERMARK=2048
+
+# Bug #292239: Remixing /dev/urandom back into /dev/random is considered a
+# security vulnerability in some cases where not enough entropy is present on
+# systems.
+DO_NOT_REMIX_URANDOM=0