From owner-freebsd-current@freebsd.org Sun Jan 22 01:23:15 2017 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3C465CB0E9A for ; Sun, 22 Jan 2017 01:23:15 +0000 (UTC) (envelope-from lutungpin@openmailbox.org) Received: from lb1.openmailbox.org (lb1.openmailbox.org [5.79.108.160]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 05261DB9; Sun, 22 Jan 2017 01:23:14 +0000 (UTC) (envelope-from lutungpin@openmailbox.org) Received: by lb1.openmailbox.org (Postfix, from userid 20002) id 47BDE519F95; Sun, 22 Jan 2017 02:22:11 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1485048131; bh=3Yf70nUuBSnYsdM/wKigCk+KEXH2Ea2c/1JslUaRFQo=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=1E7gT33xoiQzzjjdLxm0zFBtQ+savKSVKsyXbzRK8nkVZvFiumJtjwnXq8DqZf2wK qRkNQnlp59wxXQ3WiLZu0/BaNTEHEv1Bsv6xw8FkYKQCx9GoPRxNc49QBKGo1r5Mqx SCVffhlBG6v4CRwquOQ411wpJDdg+12u5rgLsphA= Received: from www.openmailbox.org (unknown [10.0.0.3]) by lb1.openmailbox.org (Postfix) with ESMTP id ECDA151AB20; Sun, 22 Jan 2017 02:22:07 +0100 (CET) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Sun, 22 Jan 2017 01:22:07 +0000 From: Lu Tung-Pin To: Jilles Tjoelker Cc: freebsd-current@freebsd.org, des@freebsd.org Subject: Re: Fix /etc/rc.d/random umask handling (/entropy permissions) In-Reply-To: <20170121220136.GA59654@stack.nl> References: <14f5a2fdf191c33e4ed1dc882b288e81@openmailbox.org> <20170121220136.GA59654@stack.nl> Message-ID: <759c32a300bbea18344a7f52fe2f009d@openmailbox.org> X-Sender: lutungpin@openmailbox.org User-Agent: Roundcube Webmail/1.0.6 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Jan 2017 01:23:15 -0000 On 2017-01-21 22:01, Jilles Tjoelker wrote: > [Adding Cc: Dag-Erling Smørgrav who committed r273957 which seems to > have introduced this] > On Sat, Jan 21, 2017 at 01:21:42AM +0000, Lu Tung-Pin wrote: >> A 2014 change broke the umask handling in /etc/rc.d/random, >> leaving /entropy with ug+r permissions. Quick fix attached, Edit: go+r permissions. > Switching the umask here will avoid incorrect permissions on /entropy > on > new installations, but will not fix existing systems. A chmod command > may be useful here. Note that random_start() first removes /entropy via feed_dev_random(). There's also a removal in random_stop(). Provided that a removal occurs, the chmod won't be necessary on machines with an existing go+r /entropy. I'm wondering, though: Would it be better to replace all the umask fiddling with simple chmods? Every other rc.d script uses chmod if it needs to set tighter permissions. When umask is used (dmesg, mountd, syslogd), it's with a relaxed 022 setting.