From owner-freebsd-security@freebsd.org Mon May 22 00:00:12 2017
From: Conrad Meyer
Reply-To: cem@freebsd.org
Date: Sun, 21 May 2017 16:51:53 -0700
Subject: Re: Proposal for a design for signed kernel/modules/etc
To: Eric McCorkle
Cc: "freebsd-hackers@freebsd.org", freebsd-security@freebsd.org

Hi Eric,

On Wed, Mar 29, 2017 at 7:22 PM, Eric McCorkle wrote:
>...
> == Specifics ==
>
>...
>
> * A signed ELF will definitely contain a .sign section containing a
>   single detached signature in PKCS#7 format with DER encoding.

I'm concerned about the complexity of parsing PKCS#7 (including ASN.1)
in places that need to validate signed objects. In particular, the
kernel (for runtime-loaded objects). Complex parsers are a common
source of security bugs, so PKCS#7 doesn't seem like a good fit for
security-critical code like the kernel syscall interface.

Could a more minimal format take the place of PKCS#7 in .sign sections?

Thanks,
Conrad

From owner-freebsd-security@freebsd.org Thu May 25 12:30:39 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 219527] Flawed umask handling in /etc/rc.d/random
Date: Thu, 25 May 2017 12:30:39 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219527

            Bug ID: 219527
           Summary: Flawed umask handling in /etc/rc.d/random
           Product: Base System
           Version: 11.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: regression
          Severity: Affects Many People
          Priority: ---
         Component: misc
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: fk@fabiankeil.de
                CC: freebsd-security@FreeBSD.org

Lu Tung-Pin reported on freebsd-current@ a couple of months ago:

| A 2014 change broke the umask handling in /etc/rc.d/random,
| leaving /entropy with ug+r permissions. Quick fix attached,
| mirroring random_stop() behavior.

https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064602.html

A couple of patch improvements were suggested but none of them
were committed.

It would be great if one of the proposed fixes would make it into 11.1.

I've been using the original version of the patch since January
and can confirm that it works as advertised.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-security@freebsd.org Thu May 25 17:10:05 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 219527] Flawed umask handling in /etc/rc.d/random
Date: Thu, 25 May 2017 17:10:05 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219527

Xin LI changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |delphij@FreeBSD.org,
                   |                            |markm@FreeBSD.org,
                   |                            |security-officer@FreeBSD.org
           Assignee|freebsd-bugs@FreeBSD.org    |des@FreeBSD.org

--- Comment #1 from Xin LI ---
Hi, Dag-Erling / Mark,

Could you please take a look at this? The proposed change looks reasonable
to me.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-security@freebsd.org Thu May 25 17:28:00 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 219527] Flawed umask handling in /etc/rc.d/random
Date: Thu, 25 May 2017 17:28:00 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219527

--- Comment #2 from Mark Murray ---
Agreed. The proposed change looks good. I say get it out there ASAP.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-security@freebsd.org Fri May 26 20:30:39 2017
Date: Fri, 26 May 2017 23:30:25 +0300
From: Lena@lena.kiev.ua
To: freebsd-security@freebsd.org
Subject: openssl-1.0.2l
Message-ID: <20170526203025.GF919@lena.kiev>

Under FreeBSD 8 (with GCC 4.2.1):

cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_P
IC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -
DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -O3 -fomit-frame-pointer
-Wall -O2 -pipe -march=prescott -Werror -Qunused-arguments -fstack-protector -fn
o-strict-aliasing -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_A
SM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DM
D5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c ech_oss
l.c
cc: unrecognized option '-Qunused-arguments'
cc1: warnings being treated as errors
ech_ossl.c: In function 'ecdh_compute_key':
ech_ossl.c:119: warning: 'buflen' may be used uninitialized in this function
*** Error code 1
Stop.
make[4]: stopped in /usr/ports/security/openssl/work/openssl-1.0.2l/crypto/ecdh


May be really "'buflen' may be used uninitialized"?

From owner-freebsd-security@freebsd.org Fri May 26 20:49:08 2017
From: Dimitry Andric
Subject: Re: openssl-1.0.2l
Date: Fri, 26 May 2017 22:48:57 +0200
In-Reply-To: <20170526203025.GF919@lena.kiev>
Cc: freebsd-security@freebsd.org
To: Lena@lena.kiev.ua

On 26 May 2017, at 22:30, Lena@lena.kiev.ua wrote:
>
> Under FreeBSD 8 (with GCC 4.2.1):
>
> cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_P
> IC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -
> DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -O3 -fomit-frame-pointer
> -Wall -O2 -pipe -march=prescott -Werror -Qunused-arguments -fstack-protector -fn
> o-strict-aliasing -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_A
> SM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DM
> D5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c ech_oss
> l.c
> cc: unrecognized option '-Qunused-arguments'
> cc1: warnings being treated as errors
> ech_ossl.c: In function 'ecdh_compute_key':
> ech_ossl.c:119: warning: 'buflen' may be used uninitialized in this function
> *** Error code 1
> Stop.
> make[4]: stopped in /usr/ports/security/openssl/work/openssl-1.0.2l/crypto/ecdh
>
>
> May be really "'buflen' may be used uninitialized"?

Maybe you are running a very old, unsupported version of FreeBSD?
Please upgrade and try again.

Also many, if not most, "may be uninitialized" warnings from gcc 4.2 are
bogus.

-Dimitry

From owner-freebsd-security@freebsd.org Sat May 27 00:57:13 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 219527] Flawed umask handling in /etc/rc.d/random
Date: Sat, 27 May 2017 00:57:13 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219527

Ed Maste changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |emaste@freebsd.org

--- Comment #3 from Ed Maste ---
Jilles' version of the patch looks good to me - the one in
https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064607.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-security@freebsd.org Sat May 27 06:24:11 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 219527] Flawed umask handling in /etc/rc.d/random
Date: Sat, 27 May 2017 06:24:10 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219527

Xin LI changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|des@FreeBSD.org             |delphij@FreeBSD.org

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-security@freebsd.org Sat May 27 06:24:59 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 219527] Flawed umask handling in /etc/rc.d/random
Date: Sat, 27 May 2017 06:24:59 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219527

Xin LI changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |In Progress

--- Comment #4 from Xin LI ---
MFC scheduled.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-security@freebsd.org Sat May 27 06:25:06 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 219527] Flawed umask handling in /etc/rc.d/random
Date: Sat, 27 May 2017 06:25:06 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219527

--- Comment #5 from commit-hook@freebsd.org ---
A commit references this bug:

Author: delphij
Date: Sat May 27 06:24:06 UTC 2017
New revision: 318975
URL: https://svnweb.freebsd.org/changeset/base/318975

Log:
  Tighten /entropy permissions.

  PR:           219527
  Reported by:  Lu Tung-Pin
  Submitted by: jilles
  MFC after:    3 days

Changes:
  head/etc/rc.d/random

-- 
You are receiving this mail because:
You are on the CC list for the bug.
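
Added example, not part of the thread and not the rc.d/random code or the committed patch: Bug 219527 concerns a seed file left readable beyond its owner, and this sh example shows how the mode of such a file depends on the umask in effect when it is created, and why rewriting an existing file under a tighter umask does not repair it. The function names, the scratch directory and the umask 027 starting point are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration; not the FreeBSD rc.d/random script. All names are hypothetical.

# Print the 10-character mode string of a file, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Succeed only if a regular file grants nothing to group or other.
seed_is_private() {
    case "$(mode_of "$1")" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Fragile pattern: the file's mode is whatever the caller's umask allows.
save_seed_ambient() {
    dd if=/dev/urandom of="$1" bs=64 count=1 2>/dev/null
}

# Still incomplete: umask only applies when a file is created, so an
# existing file keeps its old, looser mode when it is overwritten.
save_seed_umask_only() {
    ( umask 077 && dd if=/dev/urandom of="$1" bs=64 count=1 2>/dev/null )
}

# Hardened pattern: restrictive umask inside a subshell (the caller's umask
# is untouched) and an explicit chmod before any seed bytes are written.
save_seed_private() {
    (
        umask 077 || exit 1
        : >> "$1" || exit 1        # create as 0600 if the file is missing
        chmod 600 "$1" || exit 1   # repair a file left behind with a loose mode
        dd if=/dev/urandom of="$1" bs=64 count=1 2>/dev/null
    )
}

# Run the three patterns on one scratch file and print the resulting modes.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed scenario: an ambient umask of 027 leaves the group read bit set.
    ( umask 027 && save_seed_ambient "$dir/seed" )
    echo "ambient umask 027:  $(mode_of "$dir/seed")"
    save_seed_umask_only "$dir/seed"
    echo "umask 077, rewrite: $(mode_of "$dir/seed")"
    save_seed_private "$dir/seed"
    echo "umask 077 + chmod:  $(mode_of "$dir/seed")"
    rm -rf "$dir"
}

demo
```

The same consideration applies to a seed file that already exists on a host: a script change that only sets the umask leaves the existing file's mode as it was, so the file's permissions are worth checking after the update.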