Lu Tung-Pin reported on freebsd-current@ a couple of months ago:
| A 2014 change broke the umask handling in /etc/rc.d/random,
| leaving /entropy with ug+r permissions. Quick fix attached,
| mirroring random_stop() behavior.
https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064602.html
A couple of patch improvements were suggested but none of them were committed. It would be great if one of the proposed fixes would make it into 11.1.
I've been using the original version of the patch since January and can confirm that it works as advertised.
Hi, Dag-Erling / Mark, Could you please take a look at this? The proposed change looks reasonable to me.
Agreed. The proposed change looks good. I say get it out there ASAP.
Jilles' version of the patch looks good to me - the one in https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064607.html
MFC scheduled.
A commit references this bug:
Author: delphij
Date: Sat May 27 06:24:06 UTC 2017
New revision: 318975
URL: https://svnweb.freebsd.org/changeset/base/318975
Log:
  Tighten /entropy permissions.
  PR: 219527
  Reported by: Lu Tung-Pin <lutungpin at openmailbox.org>
  Submitted by: jilles
  MFC after: 3 days
Changes:
  head/etc/rc.d/random
A commit references this bug:
Author: delphij
Date: Wed May 31 05:00:02 UTC 2017
New revision: 319275
URL: https://svnweb.freebsd.org/changeset/base/319275
Log:
  MFC r318975:
  Tighten /entropy permissions.
  PR: 219527
  Reported by: Lu Tung-Pin <lutungpin at openmailbox.org>
  Submitted by: jilles
Changes:
  _U stable/11/
  stable/11/etc/rc.d/random
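
The failure mode from the original report, as an added example that is not part of this thread and is not the contents of /etc/rc.d/random: a seed file written under the caller's umask inherits group/other read bits, while one written under `umask 077` in a subshell does not. The function names and the path passed in are hypothetical; `is_private` is a check an administrator could run against an existing seed file.

```shell
#!/bin/sh
# Added illustration only; not the FreeBSD rc.d script.
# Function names are hypothetical; the caller supplies the file path.

# Leaky pattern: the file is created under whatever umask the caller
# happens to have (e.g. 027 yields mode 0640, i.e. ug+r).
save_seed_leaky() {
    dd if=/dev/urandom of="$1" bs=64 count=1 2>/dev/null
}

# Tight pattern: set umask 077 inside a subshell so the file is created
# 0600 and the caller's own umask is left untouched.
save_seed_tight() {
    (
        umask 077
        # A pre-existing file keeps its old mode when dd truncates it,
        # so remove it first and let it be recreated under the new umask.
        rm -f "$1"
        dd if=/dev/urandom of="$1" bs=64 count=1 2>/dev/null
    )
}

# Print the permission string (e.g. -rw-------) without relying on
# stat(1), whose flags differ between BSD and GNU userlands.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 only if group and other have no access bits at all.
is_private() {
    case "$(mode_of "$1")" in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}
```
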