errors happening with /usr/libexec/save-entropy on 12.1-p10
tech-lists
tech-lists at zyxst.net
Sun Oct 11 03:05:42 UTC 2020
Hi,
I've noticed recently in the daily security email that *sometimes* when
this is run out of /etc/crontab on a 12.1-p10 system:
# Save some entropy so that /dev/random can re-seed on boot.
*/11 * * * * operator /usr/libexec/save-entropy
it'll generate an error visible in the security email like this:
[redacted] kernel log messages: +pid 12995 (dd), uid 2 inumber 2086730 on /: filesystem full
(the filesystem has plenty of inodes spare and plenty of space)
It's the only one I've seen so far (12.1-p10) with this issue. 12-stable
doesn't have this problem, but the /usr/libexec/save-entropy is
significantly different:
[12.1-p10 snip]
umask 377

n=$(( ${entropy_save_num} - 1 ))
while [ ${n} -ge 1 ]; do
    if [ -f "saved-entropy.${n}" ]; then
        mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))"
    elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then
        logger -is -t "$0" \
            "${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \
            it will not be rotated. Entropy file rotation is aborted.
        exit 1
    fi
    n=$(( ${n} - 1 ))
done

dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null

exit 0
[snip]
Weird umask too. What's also weird is that it doesn't happen when it's
*not* expected to be under load.
$FreeBSD: stable/12/libexec/save-entropy/save-entropy.sh 355748 2019-12-14 09:49:09Z delphij $ has this:
[12-stable-r365826-snip]
# 3. Check if the pointer we have in hand is really a regular file or
#    an empty slot, and bail out as that means there is no available slot.
#
if [ -e "${save_file}" -a ! -f "${save_file}" ]; then
    logger -is -t "$0" \
        No available slot in "${entropy_dir}", save entropy is aborted.
    exit 1
fi

# Save entropy to the selected slot.
chmod 600 "${save_file}" 2>/dev/null || :
dd if=/dev/random of="${save_file}" bs=${entropy_save_sz} count=1 2>/dev/null
chflags nodump "${save_file}" 2>/dev/null || :
fsync "${save_file}" "."
[snip]
What I'm asking is, would transplanting a working 12-stable /usr/libexec/save-entropy
into the 12.1-p10 system having the problem be a simple fix or are there
other things I've not considered, like the entropy subsystem being
significantly modified between 12.1-R and recent 12-stable?
thanks,
--
J.