NetBSD-Bugs archive


misc/59709: inconsistent entropy $random_file locations settings



>Number:         59709
>Category:       misc
>Synopsis:       inconsistent entropy $random_file locations settings
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Oct 18 18:00:00 +0000 2025
>Originator:     Steve Rikli
>Release:        10.1 11.0_BETA
>Organization:
>Environment:
NetBSD vm01.home.genyosha.net 11.0_BETA NetBSD 11.0_BETA (GENERIC) #0: Thu Oct  9 09:29:07 UTC 2025  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
There are several separate methods and config files to set the system entropy
$random_file location, and they are independent/disconnected. This can lead to
unexpected entropy selection.

A recent email thread about this:
  https://mail-index.netbsd.org/netbsd-users/2025/10/12/msg033274.html

The /etc/rc.d/random_seed script sets:
  random_file="${random_file:-/var/db/entropy-file}"

The same default is set in /etc/defaults/security.conf:
  random_file=/var/db/entropy-file

There is no setting or mention of random_file in /etc/defaults/rc.conf.

However, setting random_file in /etc/security.conf doesn't result in system
entropy using that file; instead the random_file location must be set in
/etc/rc.conf for the system to use it.

Note: sysinst properly adds a random_file setting to /etc/rc.conf during
initial install if needed, e.g. if / and /var/ are separate filesystems.

Documentation (man pages and /etc/defaults/* data) for the methods could be
better. The possible config files for setting entropy file location are:

1. /etc/rc.conf; random_file is mentioned but not described in rc.conf(5)
2. /etc/security.conf; security.conf(5) describes random_file pretty well
3. /boot.cfg; rndseed keyword is described in boot.cfg(5)

>How-To-Repeat:
1. set random_file location in /etc/security.conf, e.g. /etc/entropy-file
2. no random_file setting in /etc/rc.conf
3. during reboot, random_file location from /etc/security.conf is unused
4. /var/db/entropy-file will be created by /etc/rc.d/random_seed
 NOTE: this may be an undesired result, e.g. if / and /var/ are separate
  filesystems

The reverse case:

1. set random_file location in /etc/rc.conf, e.g. /etc/entropy-file
2. no random_file setting in /etc/security.conf
3. during reboot, random_file setting from rc.conf is used for system entropy

It's also possible to set different random_file values in rc.conf and
security.conf, but only the rc.conf setting will be used for system entropy.
The second file, written according to /etc/security.conf, is mostly harmless
but pointless.
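As an added illustration (not part of this PR and not NetBSD's own code), the following POSIX sh script models the two independent readers described above: the boot-time /etc/rc.d/random_seed path, which consults only rc.conf and falls back via ${random_file:-/var/db/entropy-file}, and /etc/security, which consults only security.conf (unset means the /etc/defaults/security.conf default, and an explicitly empty value is taken to mean "disabled", following the security.conf(5) text quoted under Fix). It assumes both files are plain shell assignment files and reads them by sourcing in a subshell; the sample configs are constructed in a temporary directory and reproduce How-To-Repeat case 1. The function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the PR): audit which entropy seed file each
# consumer will actually use, modelling the behaviour described in the report.

# Value a shell-style config file assigns to random_file, or $2 when the
# file does not set it at all. Sourced in a subshell so nothing leaks out.
conf_random_file() {
    (
        unset random_file
        if [ -r "$1" ]; then . "$1"; fi
        # ${var+set} distinguishes "unset" from "set but empty".
        if [ -z "${random_file+set}" ]; then
            printf '%s\n' "$2"
        else
            printf '%s\n' "$random_file"
        fi
    )
}

# Boot-time path used by /etc/rc.d/random_seed: only rc.conf is read, and an
# unset or empty value falls back to /var/db/entropy-file, mirroring
#   random_file="${random_file:-/var/db/entropy-file}"
boot_random_file() {
    v=$(conf_random_file "$1" "")
    printf '%s\n' "${v:-/var/db/entropy-file}"
}

# Path /etc/security writes its seed to: only security.conf is read; an unset
# value takes the /etc/defaults/security.conf default, while an explicitly
# empty value disables the save (assumption based on the security.conf(5) text).
security_random_file() {
    v=$(conf_random_file "$1" "/var/db/entropy-file")
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'disabled\n'; fi
}

# Report both paths; exit status 0 when they agree, 1 when they differ.
audit_random_file() {
    b=$(boot_random_file "$1")
    s=$(security_random_file "$2")
    printf 'boot(rc.conf)=%s  security(security.conf)=%s\n' "$b" "$s"
    [ "$b" = "$s" ]
}

# Constructed sample configs reproducing How-To-Repeat case 1:
# random_file only in security.conf, nothing in rc.conf.
demo=$(mktemp -d)
printf 'hostname=vm01\n' > "$demo/rc.conf"
printf 'random_file=/etc/entropy-file\n' > "$demo/security.conf"
if audit_random_file "$demo/rc.conf" "$demo/security.conf"; then
    echo "consistent"
else
    echo "MISMATCH: boot will create /var/db/entropy-file regardless of security.conf"
fi
rm -rf "$demo"
```

Pointing audit_random_file at the real /etc/rc.conf and /etc/security.conf works because NetBSD's rc.conf sources /etc/defaults/rc.conf itself; a non-zero exit status flags the split configuration the PR describes, and the "disabled" output shows the case where security.conf sets random_file to empty while boot still falls back to the default.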

>Fix:
Summary from the mailing list thread: location of the entropy random_file should
be defined in one place, and rc.conf is the right place.

1. add to /etc/defaults/rc.conf

   random_file=/var/db/entropy-file

2. add text entry for random_file from security.conf(5) to rc.conf(5)

   random_file    Name of the entropy seed file used at boot.  Default is
                  /var/db/entropy-file as used by /etc/rc.d/random_seed.
                  Set random_file to empty to disable saving a seed every
                  time /etc/security runs.

3. Greg Troxel also suggests /etc/security should call /etc/rc.d/random_seed
   for entropy instead of using its own separate code for random_file

Depending on step 3, these additional steps should be considered:

4. remove the random_file line from /etc/defaults/security.conf
5. remove the random_file text from security.conf(5)
