Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 6 Apr 2015 18:03:36 +0000 (UTC)
From:      Devin Teske <dteske@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r281160 - head/usr.sbin/bsdinstall/scripts
Message-ID:  <201504061803.t36I3ap7074788@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: dteske
Date: Mon Apr  6 18:03:35 2015
New Revision: 281160
URL: https://svnweb.freebsd.org/changeset/base/281160

Log:
  Fix permissions on ZFS root encryption key (644 -> 600).
  
  MFC after:	3 days
  X-MFC-to:	stable/10 stable/9
  Security:	CVE-2015-1415
  Reported by:	Pierre Kim

Modified:
  head/usr.sbin/bsdinstall/scripts/zfsboot

Modified: head/usr.sbin/bsdinstall/scripts/zfsboot
==============================================================================
--- head/usr.sbin/bsdinstall/scripts/zfsboot	Mon Apr  6 17:39:36 2015	(r281159)
+++ head/usr.sbin/bsdinstall/scripts/zfsboot	Mon Apr  6 18:03:35 2015	(r281160)
@@ -1128,6 +1128,9 @@ zfs_create_boot()
 			f_eval_catch $funcname dd "$DD_WITH_OPTIONS" \
 			             /dev/random "$bootpool/$zroot_key" \
 			             "bs=4096 count=1" || return $FAILURE
+			f_eval_catch $funcname "$CHMOD_MODE" \
+			             go-wrx "$bootpool/$zroot_key" ||
+			             return $FAILURE
 		else
 			# Clean up
 			f_eval_catch $funcname zfs "$ZFS_UNMOUNT" \



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201504061803.t36I3ap7074788>