errors happening with /usr/libexec/save-entropy on 12.1-p10

tech-lists tech-lists at zyxst.net
Sun Oct 11 03:05:42 UTC 2020 

Hi,

I've noticed recently in the daily security email that *sometimes* when
this is run out of /etc/crontab on a 12.1-p10 system:

# Save some entropy so that /dev/random can re-seed on boot.
*/11    *       *       *       *       operator
/usr/libexec/save-entropy

that it'll generate an error visible in the security email like this:

[redacted] kernel log messages: +pid 12995 (dd), uid 2 inumber 2086730
on /: filesystem full

(the filesystem has plenty of inodes spare and plenty of space)

It's the only one I've seen so far (12.1-p10) with this issue. 12-stable
doesn't have this problem, but the /usr/libexec/save-entropy is 
significantly different:

[12.1-p10 snip]
umask 377

n=$(( ${entropy_save_num} - 1 ))
while [ ${n} -ge 1 ]; do
         if [ -f "saved-entropy.${n}" ]; then
                 mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))"
         elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then
                 logger -is -t "$0" \
         "${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \
             it will not be rotated. Entropy file rotation is aborted.
                 exit 1
         fi
         n=$(( ${n} - 1 ))
done

dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null

exit 0
[snip]

Weird umask too. What's also weird is that it doesn't happen when it's
*not* expected to be under load.

$FreeBSD: stable/12/libexec/save-entropy/save-entropy.sh 355748
2019-12-14 09:49:09Z delphij $ has this:

[12-stable-r365826-snip]

# 3. Check if the pointer we have in hand is really a regular file or
#    an empty slot, and bail out as that means there is no available slot.
#
if [ -e "${save_file}" -a ! -f "${save_file}" ]; then
         logger -is -t "$0" \
                 No available slot in "${entropy_dir}", save entropy is aborted.
         exit 1
fi

# Save entropy to the selected slot.
chmod 600 "${save_file}" 2>/dev/null || :
dd if=/dev/random of="${save_file}" bs=${entropy_save_sz} count=1 2>/dev/null
chflags nodump "${save_file}" 2>/dev/null || :
fsync "${save_file}" "."

[snip]

What I'm asking is, would transplanting a working 12-stable /usr/libexec/save-entropy 
into the 12.1-p10 system having the problem be a simple fix or are there
other things I've not considered, like the entropy subsystem being 
significantly modified between 12.1-R and recent 12-stable?

thanks,
-- 
J.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20201011/b1d8a668/attachment.sig>

More information about the freebsd-questions mailing list