micahflee/fixubuntu

Disable Pollinate

sarciszewski opened this issue · 4 comments

https://wiki.ubuntu.com/Security/Features#prng-cloud

Pollinate (getting entropy over the network) is NOT a good idea. While we're fixing Ubuntu, we should remove this potential RNG vulnerability.

Refer to this article: http://www.lothar.com/blog/48-remote-entropy/

Can you confirm that this is enabled by default in Ubuntu Desktop, or is it only Ubuntu Server? And actually, are you sure it's enabled by default and not something that you have to turn on? I'd want to do some testing first to be sure.

Sure, I'll download the 14.04 beta and play around with it after this weekend is over.

Wow, I totally forgot to do this.

root@resonantcore:~# man pollen
No manual entry for pollen
root@resonantcore:~# man pollinate
No manual entry for pollinate
root@resonantcore:~# apt-get purge pollinate
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Package 'pollinate' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@resonantcore:~# apt-get purge pollen
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Package 'pollen' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@resonantcore:~# 

It doesn't appear to be installed by default.

kanoi commented

It is enabled by default in Ubuntu 18.04.2 LTS