Fix /etc/rc.d/random umask handling (/entropy permissions)
Lu Tung-Pin
lutungpin at openmailbox.org
Sun Jan 22 01:23:15 UTC 2017
On 2017-01-21 22:01, Jilles Tjoelker wrote:
> [Adding Cc: Dag-Erling Smørgrav who committed r273957 which seems to
> have introduced this]
> On Sat, Jan 21, 2017 at 01:21:42AM +0000, Lu Tung-Pin wrote:
>> A 2014 change broke the umask handling in /etc/rc.d/random,
>> leaving /entropy with ug+r permissions. Quick fix attached,
Edit: go+r permissions.
> Switching the umask here will avoid incorrect permissions on /entropy
> on
> new installations, but will not fix existing systems. A chmod command
> may be useful here.
Note that random_start() first removes /entropy via feed_dev_random().
There's also a removal in random_stop(). Provided that a removal occurs,
the chmod won't be necessary on machines with an existing go+r /entropy.
I'm wondering, though: Would it be better to replace all the umask
fiddling with simple chmods? Every other rc.d script uses chmod if it
needs to set tighter permissions. When umask is used (dmesg, mountd,
syslogd), it's with a relaxed 022 setting.
More information about the freebsd-current
mailing list