Date: Sat, 21 Jan 2017 23:01:36 +0100
From: Jilles Tjoelker
To: Lu Tung-Pin
Cc: freebsd-current@freebsd.org, des@FreeBSD.org
Subject: Re: Fix /etc/rc.d/random umask handling (/entropy permissions)
Message-ID: <20170121220136.GA59654@stack.nl>
In-Reply-To: <14f5a2fdf191c33e4ed1dc882b288e81@openmailbox.org>

[Adding Cc: Dag-Erling Smørgrav who committed r273957 which seems to have introduced this]

On Sat, Jan 21, 2017 at 01:21:42AM +0000, Lu Tung-Pin wrote:
> A 2014 change broke the umask handling in /etc/rc.d/random,
> leaving /entropy with ug+r permissions. Quick fix attached,
> mirroring random_stop() behavior.
> (Incidentally, /usr/libexec/save-entropy is still fine for
> /var/db/entropy/*, as is /etc/rc.d/random for the new
> /boot/entropy.)
> --- /etc/rc.d/random.old 2017-01-21 11:48:30.975009000 +1100 > +++ /etc/rc.d/random 2017-01-19 18:04:34.224632000 +1100 
> @@ -20,12 +20,15 @@ > > save_dev_random() > { > + oumask=`umask` > + umask 077 > for f ; do > if :>>"$f" ; then > debug "saving entropy to $f" > dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null > fi > done > + umask ${oumask} > } > > feed_dev_random() Switching the umask here will avoid incorrect permissions on /entropy on new installations, but will not fix existing systems. A chmod command may be useful here. On another note, if :>>"$f" is bogus. Since : is a special builtin, a redirection error causes the shell to abort the script. The conditional seems to have been added to show error messages when the entropy file cannot be written without showing dd's statistics. I think this can be done more easily using dd's status=none parameter. My revised patch is below: Index: etc/rc.d/random =================================================================== --- etc/rc.d/random (revision 311446) +++ etc/rc.d/random (working copy) @@ -20,12 +20,14 @@ save_dev_random() { + oumask=`umask` + umask 077 for f ; do - if :>>"$f" ; then - debug "saving entropy to $f" - dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null - fi + debug "saving entropy to $f" + dd if=/dev/random of="$f" bs=4096 count=1 status=none && + chmod 600 "$f" done + umask ${oumask} } feed_dev_random() -- Jilles Tjoelker
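
Review bot: In the quoted hunk (the one at -20,12 +20,15), umask 077 only governs the mode of a file that :>>"$f" or dd has to create. An /entropy that already exists with ug+r is simply reopened and overwritten, so it keeps that mode and systems that ran the script since the 2014 change stay exposed. An explicit chmod 600 "$f" inside the loop would cover them; the umask save and restore can stay for new files.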
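
Review bot: In the revised hunk (-20,12 +20,14), the chmod is chained after the write (dd ... status=none && chmod 600 "$f"), so on a system where the file already exists with the old mode the fresh entropy is written while the file is still group-readable, and if dd fails the mode is never corrected at all. Tightening the mode of an existing file before dd writes to it, or running the chmod regardless of dd's exit status, would close that window. The debug "saving entropy to $f" message is also printed before it is known whether the write succeeded.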
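
The permission behaviour discussed in this message, as an added example that is not part of the original mail or of the FreeBSD rc script: it shows that a restrictive umask fixes only newly created files, while a file that already exists keeps its old mode until a chmod is applied. The helper names, the temporary directory, the 640 starting mode and the use of /dev/urandom as a data source are assumptions of this demo.

```shell
#!/bin/sh
# Constructed demo: works in a private temp directory, never touches /entropy.

# Print the 10-character mode string of "$1", e.g. -rw-------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Save 4096 random bytes to "$1" under umask 077, as the first patch does.
# Hypothetical helper; /dev/urandom is a stand-in so the demo never blocks.
save_with_umask() {
    oumask=$(umask)
    umask 077
    dd if=/dev/urandom of="$1" bs=4096 count=1 2>/dev/null
    rc=$?
    umask "$oumask"
    return $rc
}

# Same write, followed by the chmod from the revised patch.
save_with_umask_and_chmod() {
    save_with_umask "$1" && chmod 600 "$1"
}

# Prints three mode strings: existing file after a umask-only save,
# new file after a umask-only save, existing file after save + chmod.
demo() {
    dir=$(mktemp -d) || return 1
    # "Existing system": a file left group-readable by the broken script
    # (640 is a constructed starting mode).
    ( umask 022; : >"$dir/old"; chmod 640 "$dir/old" )
    save_with_umask "$dir/old"
    old_umask_only=$(mode_of "$dir/old")
    save_with_umask "$dir/new"
    new_umask_only=$(mode_of "$dir/new")
    save_with_umask_and_chmod "$dir/old"
    old_with_chmod=$(mode_of "$dir/old")
    rm -rf "$dir"
    echo "$old_umask_only $new_umask_only $old_with_chmod"
}

demo
```

The first field stays group-readable because overwriting an existing file does not change its mode; only the creation path and the explicit chmod produce owner-only permissions.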