From owner-freebsd-current@freebsd.org Sun Jan 22 20:10:08 2017 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7656ACBCC05 for ; Sun, 22 Jan 2017 20:10:08 +0000 (UTC) (envelope-from jilles@stack.nl) Received: from mailout.stack.nl (mailout05.stack.nl [IPv6:2001:610:1108:5010::202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailout.stack.nl", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 44DFD19C7; Sun, 22 Jan 2017 20:10:07 +0000 (UTC) (envelope-from jilles@stack.nl) Received: from snail.stack.nl (snail.stack.nl [IPv6:2001:610:1108:5010::131]) by mailout.stack.nl (Postfix) with ESMTP id A10D13D; Sun, 22 Jan 2017 21:09:57 +0100 (CET) Received: by snail.stack.nl (Postfix, from userid 1677) id 931F228494; Sun, 22 Jan 2017 21:09:57 +0100 (CET) Date: Sun, 22 Jan 2017 21:09:57 +0100 From: Jilles Tjoelker To: Lu Tung-Pin Cc: freebsd-current@freebsd.org, des@freebsd.org Subject: Re: Fix /etc/rc.d/random umask handling (/entropy permissions) Message-ID: <20170122200957.GB66559@stack.nl> References: <14f5a2fdf191c33e4ed1dc882b288e81@openmailbox.org> <20170121220136.GA59654@stack.nl> <759c32a300bbea18344a7f52fe2f009d@openmailbox.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <759c32a300bbea18344a7f52fe2f009d@openmailbox.org> User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Jan 2017 20:10:08 -0000 On Sun, Jan 22, 2017 at 01:22:07AM +0000, Lu Tung-Pin wrote: > On 2017-01-21 22:01, Jilles Tjoelker wrote: > > [Adding Cc: Dag-Erling Smørgrav who committed r273957 which seems to > > have introduced this] > > On Sat, Jan 21, 2017 at 01:21:42AM +0000, Lu Tung-Pin wrote: > >> A 2014 change broke the umask handling in /etc/rc.d/random, > >> leaving /entropy with ug+r permissions. Quick fix attached, > Edit: go+r permissions. > > Switching the umask here will avoid incorrect permissions on > > /entropy on new installations, but will not fix existing systems. A > > chmod command may be useful here. > Note that random_start() first removes /entropy via feed_dev_random(). > There's also a removal in random_stop(). Provided that a removal occurs, > the chmod won't be necessary on machines with an existing go+r /entropy. Right, /entropy is deleted after being read so the chmod is not needed. > I'm wondering, though: Would it be better to replace all the umask > fiddling with simple chmods? Every other rc.d script uses chmod if it > needs to set tighter permissions. When umask is used (dmesg, mountd, > syslogd), it's with a relaxed 022 setting. The umask ensures the file is created with the correct permissions so there is no race window where an unprivileged process can open the file. A permissions change has no existing opens. -- Jilles Tjoelker