Bug 219527

Summary: Flawed umask handling in /etc/rc.d/random
Product: Base System
Reporter: Fabian Keil <fk>
Component: misc
Assignee: Xin LI <delphij>
Status: Closed FIXED
Severity: Affects Many People
CC: delphij, emaste, markm, security-officer, security
Priority: ---
Keywords: regression, security
Version: 11.0-STABLE
Flags: delphij: mfc-stable11+, delphij: mfc-stable10-
Hardware: Any
OS: Any
URL: https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064607.html

Description Fabian Keil 2017-05-25 12:30:39 UTC
Lu Tung-Pin reported on freebsd-current@ a couple of months ago:

| A 2014 change broke the umask handling in /etc/rc.d/random,
| leaving /entropy with ug+r permissions. Quick fix attached,
| mirroring random_stop() behavior.
https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064602.html

A couple of patch improvements were suggested but none
of them were committed.

It would be great if one of the proposed fixes would make it into 11.1.

I've been using the original version of the patch since January and can
confirm that it works as advertised.
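
The failure mode named in the report, as an added example that is not part of the bug report, the proposed patches or the rc.d/random script: a seed file created under an inherited umask ends up group-readable, while confining `umask 077` to a subshell keeps it owner-only. The function names, the file names and the 027 umask are assumptions chosen to reproduce the ug+r result.

```shell
#!/bin/sh
# Added illustration, not the rc.d/random code; all names are hypothetical.

# Weak pattern: the file mode is whatever the caller's umask allows.
save_seed_inherit() {
    cat > "$1"
}

# Hardened pattern: umask 077 is set inside a subshell, so it covers the
# file creation and cannot leak into the rest of the script.
save_seed_private() (
    umask 077
    rm -f -- "$1"    # a pre-existing file would keep its old, wider mode
    cat > "$1"
)

# Print the six group/other permission characters, e.g. "r-----".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Succeed only if neither group nor other has any access.
seed_is_private() {
    [ "$(group_other_bits "$1")" = "------" ]
}

# Constructed demo: umask 027 reproduces the ug+r outcome from the report.
demo() (
    dir=$(mktemp -d) || exit 1
    umask 027
    dd if=/dev/urandom bs=512 count=8 2>/dev/null | save_seed_inherit "$dir/entropy.weak"
    dd if=/dev/urandom bs=512 count=8 2>/dev/null | save_seed_private "$dir/entropy.ok"
    for f in "$dir/entropy.weak" "$dir/entropy.ok"; do
        if seed_is_private "$f"; then
            echo "ok    $f"
        else
            echo "WEAK  $f (group/other: $(group_other_bits "$f"))"
        fi
    done
    rm -rf -- "$dir"
)

demo
```

Running `seed_is_private /entropy` as root on a host gives the same owner-only check for the real seed file.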

Comment 1 Xin LI freebsd_committer freebsd_triage 2017-05-25 17:10:05 UTC
Hi, Dag-Erling / Mark,

Could you please take a look at this?  The proposed change looks reasonable to me.

Comment 2 Mark Murray freebsd_committer freebsd_triage 2017-05-25 17:28:00 UTC
Agreed. The proposed change looks good. I say get it out there ASAP.

Comment 3 Ed Maste freebsd_committer freebsd_triage 2017-05-27 00:57:13 UTC
Jilles' version of the patch looks good to me - the one in https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064607.html

Comment 4 Xin LI freebsd_committer freebsd_triage 2017-05-27 06:24:59 UTC
MFC scheduled.

Comment 5 commit-hook freebsd_committer freebsd_triage 2017-05-27 06:25:06 UTC
A commit references this bug:

Author: delphij
Date: Sat May 27 06:24:06 UTC 2017
New revision: 318975
URL: https://svnweb.freebsd.org/changeset/base/318975

Log:
  Tighten /entropy permissions.

  PR:		219527
  Reported by:	Lu Tung-Pin <lutungpin at openmailbox.org>
  Submitted by:	jilles
  MFC after:	3 days

Changes:
  head/etc/rc.d/random

Comment 6 commit-hook freebsd_committer freebsd_triage 2017-05-31 05:00:38 UTC
A commit references this bug:

Author: delphij
Date: Wed May 31 05:00:02 UTC 2017
New revision: 319275
URL: https://svnweb.freebsd.org/changeset/base/319275

Log:
  MFC r318975:

  Tighten /entropy permissions.

  PR:		219527
  Reported by:	Lu Tung-Pin <lutungpin at openmailbox.org>
  Submitted by:	jilles

Changes:
_U  stable/11/
  stable/11/etc/rc.d/random