I dug some more. This is just getting better, look:
root@Delta:~# lsof /dev/urandom lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/gebruiker/.gvfs Output information may be incomplete. COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME smbd 2714 root 4r CHR 1,9 0t0 268 /dev/urandom cupsd 2768 root 7r CHR 1,9 0t0 268 /dev/urandom smbd 2797 root 4r CHR 1,9 0t0 268 /dev/urandom xfce4-ses 3045 gebruiker 13r CHR 1,9 0t0 268 /dev/urandom xfce4-mai 3077 gebruiker 6r CHR 1,9 0t0 268 /dev/urandom charon 21021 root 11r CHR 1,9 0t0 268 /dev/urandom charon 21021 root 12r CHR 1,9 0t0 268 /dev/urandom chromium- 22123 gebruiker 27r CHR 1,9 0t0 268 /dev/urandom chromium- 22128 gebruiker 9r CHR 1,9 0t0 268 /dev/urandom chromium- 22158 gebruiker 9r CHR 1,9 0t0 268 /dev/urandom chromium- 22184 gebruiker 9r CHR 1,9 0t0 268 /dev/urandom charon 22395 root 11r CHR 1,9 0t0 268 /dev/urandom charon 22395 root 12r CHR 1,9 0t0 268 /dev/urandom
Charon is listed while having urandom opened! So I did a strace (including forks this time!) to see what charon is actually doing, it fails on this (I attached the full trace):
[pid 22519] open("/dev/urandom", O_RDONLY) = -1 EACCES (Permission denied)
Which crazy since:
root@Delta:~# ps -p 21021,22515,21020,22514 -o args,group,pgid,ppid,rgroup,ruser,tty,user,gid,rgid,ruid,uid COMMAND GROUP PGID PPID RGROUP RUSER TT USER GID RGID RUID UID /usr/lib/ipsec/starter root 21020 1 root root ? root 0 0 0 0 /usr/lib/ipsec/charon --use root 21021 21020 root root ? root 0 0 0 0 /usr/lib/ipsec/starter root 22514 1 root root ? root 0 0 0 0 /usr/lib/ipsec/charon --use root 22515 22514 root root ? root 0 0 0 0
I dug some more. This is just getting better, look:
root@Delta:~# lsof /dev/urandom fuse-daemon file system /home/gebruiker /.gvfs
lsof: WARNING: can't stat() fuse.gvfs-
Output information may be incomplete.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
smbd 2714 root 4r CHR 1,9 0t0 268 /dev/urandom
cupsd 2768 root 7r CHR 1,9 0t0 268 /dev/urandom
smbd 2797 root 4r CHR 1,9 0t0 268 /dev/urandom
xfce4-ses 3045 gebruiker 13r CHR 1,9 0t0 268 /dev/urandom
xfce4-mai 3077 gebruiker 6r CHR 1,9 0t0 268 /dev/urandom
charon 21021 root 11r CHR 1,9 0t0 268 /dev/urandom
charon 21021 root 12r CHR 1,9 0t0 268 /dev/urandom
chromium- 22123 gebruiker 27r CHR 1,9 0t0 268 /dev/urandom
chromium- 22128 gebruiker 9r CHR 1,9 0t0 268 /dev/urandom
chromium- 22158 gebruiker 9r CHR 1,9 0t0 268 /dev/urandom
chromium- 22184 gebruiker 9r CHR 1,9 0t0 268 /dev/urandom
charon 22395 root 11r CHR 1,9 0t0 268 /dev/urandom
charon 22395 root 12r CHR 1,9 0t0 268 /dev/urandom
Charon is listed while having urandom opened! So I did a strace (including forks this time!) to see what charon is actually doing, it fails on this (I attached the full trace):
[pid 22519] open("/ dev/urandom" , O_RDONLY) = -1 EACCES (Permission denied)
Which crazy since:
root@Delta:~# ps -p 21021,22515, 21020,22514 -o args,group, pgid,ppid, rgroup, ruser,tty, user,gid, rgid,ruid, uid ipsec/starter root 21020 1 root root ? root 0 0 0 0 ipsec/charon --use root 21021 21020 root root ? root 0 0 0 0 ipsec/starter root 22514 1 root root ? root 0 0 0 0 ipsec/charon --use root 22515 22514 root root ? root 0 0 0 0
COMMAND GROUP PGID PPID RGROUP RUSER TT USER GID RGID RUID UID
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/