svn commit: r281160 - head/usr.sbin/bsdinstall/scripts
Devin Teske
dteske at FreeBSD.org
Mon Apr 6 18:03:36 UTC 2015
Author: dteske
Date: Mon Apr 6 18:03:35 2015
New Revision: 281160
URL: https://svnweb.freebsd.org/changeset/base/281160
Log:
Fix permissions on ZFS root encryption key (644 -> 600).
MFC after: 3 days
X-MFC-to: stable/10 stable/9
Security: CVE-2015-1415
Reported by: Pierre Kim
Modified:
head/usr.sbin/bsdinstall/scripts/zfsboot
Modified: head/usr.sbin/bsdinstall/scripts/zfsboot
==============================================================================
--- head/usr.sbin/bsdinstall/scripts/zfsboot Mon Apr 6 17:39:36 2015 (r281159)
+++ head/usr.sbin/bsdinstall/scripts/zfsboot Mon Apr 6 18:03:35 2015 (r281160)
@@ -1128,6 +1128,9 @@ zfs_create_boot()
f_eval_catch $funcname dd "$DD_WITH_OPTIONS" \
/dev/random "$bootpool/$zroot_key" \
"bs=4096 count=1" || return $FAILURE
+ f_eval_catch $funcname "$CHMOD_MODE" \
+ go-wrx "$bootpool/$zroot_key" ||
+ return $FAILURE
else
# Clean up
f_eval_catch $funcname zfs "$ZFS_UNMOUNT" \
More information about the svn-src-all
mailing list