Date: Mon, 6 Apr 2015 18:03:36 +0000 (UTC) From: Devin Teske <dteske@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r281160 - head/usr.sbin/bsdinstall/scripts Message-ID: <201504061803.t36I3ap7074788@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dteske Date: Mon Apr 6 18:03:35 2015 New Revision: 281160 URL: https://svnweb.freebsd.org/changeset/base/281160 Log: Fix permissions on ZFS root encryption key (644 -> 600). MFC after: 3 days X-MFC-to: stable/10 stable/9 Security: CVE-2015-1415 Reported by: Pierre Kim Modified: head/usr.sbin/bsdinstall/scripts/zfsboot Modified: head/usr.sbin/bsdinstall/scripts/zfsboot ============================================================================== --- head/usr.sbin/bsdinstall/scripts/zfsboot Mon Apr 6 17:39:36 2015 (r281159) +++ head/usr.sbin/bsdinstall/scripts/zfsboot Mon Apr 6 18:03:35 2015 (r281160) @@ -1128,6 +1128,9 @@ zfs_create_boot() f_eval_catch $funcname dd "$DD_WITH_OPTIONS" \ /dev/random "$bootpool/$zroot_key" \ "bs=4096 count=1" || return $FAILURE + f_eval_catch $funcname "$CHMOD_MODE" \ + go-wrx "$bootpool/$zroot_key" || + return $FAILURE else # Clean up f_eval_catch $funcname zfs "$ZFS_UNMOUNT" \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201504061803.t36I3ap7074788>