Bug 219527 - Flawed umask handling in /etc/rc.d/random
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: misc
Version: 11.0-STABLE
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Xin LI
URL: https://lists.freebsd.org/pipermail/f...
Keywords: regression, security
Reported: 2017-05-25 12:30 UTC by Fabian Keil
Modified: 2017-05-31 08:36 UTC
delphij: mfc-stable10-
delphij: mfc-stable11+
Description Fabian Keil 2017-05-25 12:30:39 UTC
Lu Tung-Pin reported on freebsd-current@ a couple of months ago:

| A 2014 change broke the umask handling in /etc/rc.d/random,
| leaving /entropy with ug+r permissions. Quick fix attached,
| mirroring random_stop() behavior.
https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064602.html

A couple of patch improvements were suggested but none
of them were committed.

It would be great if one of the proposed fixes would make it into 11.1.

I've been using the original version of the patch since January and can
confirm that it works as advertised.
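
The failure mode described in the report, as an added example that is not part of the original report and not the FreeBSD patch: a umask only takes effect when a file is created, so tightening it after the seed file exists leaves the loose mode in place. The function names and the temporary files standing in for /entropy are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration: temp files stand in for /entropy; this is not rc.d/random.

# True only if the file grants no permission bits to group or other.
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Flawed ordering (constructed): the file is created under a permissive
# umask, and tightening the umask afterwards has no effect on it.
save_seed_flawed() (
    umask 022                      # assumed inherited umask
    : > "$1"                       # created as 0644
    umask 077                      # too late: umask applies at creation only
    dd if=/dev/urandom of="$1" bs=4096 count=1 2>/dev/null
)

# Hardened ordering: restrictive umask before creation, inside a subshell so
# the caller's umask is untouched, plus chmod for a file that already exists.
save_seed_hardened() (
    umask 077
    : >> "$1"                      # create if missing (0600), keep if present
    chmod 600 "$1"                 # repair a pre-existing loose mode
    dd if=/dev/urandom of="$1" bs=4096 count=1 2>/dev/null
)

# Write one seed each way and report which file is exposed.
demo() {
    tmp=$(mktemp -d) || return 1
    save_seed_flawed "$tmp/flawed"
    save_seed_hardened "$tmp/fixed"
    for f in "$tmp/flawed" "$tmp/fixed"; do
        if is_private "$f"; then echo "OK   $f"; else echo "WEAK $f"; fi
    done
    rm -rf "$tmp"
}

demo
```

The same `is_private` check can be pointed at an existing seed file to audit a running system.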
Comment 1 Xin LI freebsd_committer 2017-05-25 17:10:05 UTC
Hi, Dag-Erling / Mark,

Could you please take a look at this?  The proposed change looks reasonable to me.
Comment 2 Mark Murray freebsd_committer 2017-05-25 17:28:00 UTC
Agreed. The proposed change looks good. I say get it out there ASAP.
Comment 3 Ed Maste freebsd_committer 2017-05-27 00:57:13 UTC
Jilles' version of the patch looks good to me - the one in https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064607.html
Comment 4 Xin LI freebsd_committer 2017-05-27 06:24:59 UTC
MFC scheduled.
Comment 5 commit-hook freebsd_committer 2017-05-27 06:25:06 UTC
A commit references this bug:

Author: delphij
Date: Sat May 27 06:24:06 UTC 2017
New revision: 318975
URL: https://svnweb.freebsd.org/changeset/base/318975

Log:
  Tighten /entropy permissions.

  PR:		219527
  Reported by:	Lu Tung-Pin <lutungpin at openmailbox.org>
  Submitted by:	jilles
  MFC after:	3 days

Changes:
  head/etc/rc.d/random
Comment 6 commit-hook freebsd_committer 2017-05-31 05:00:38 UTC
A commit references this bug:

Author: delphij
Date: Wed May 31 05:00:02 UTC 2017
New revision: 319275
URL: https://svnweb.freebsd.org/changeset/base/319275

Log:
  MFC r318975:

  Tighten /entropy permissions.

  PR:		219527
  Reported by:	Lu Tung-Pin <lutungpin at openmailbox.org>
  Submitted by:	jilles

Changes:
_U  stable/11/
  stable/11/etc/rc.d/random