On 08/15/14 16:22, Paul de Weerd wrote:
On Fri, Aug 15, 2014 at 04:07:21PM +0200, Alexander Hall wrote:
| On August 15, 2014 2:04:56 PM CEST, Theo de Raadt <dera...@cvs.openbsd.org>
wrote:
| >> Is it safe to generate some randomness in /tftpboot/etc/random.seed
| >for
| >> clients that PXE boot?
| >
| >I do not even know if that file will be read... is it?
|
| IIRC, it is tried but deemed unsafe (0555) and therefore isn't used, but
causes a warning. Maybe it had changed since.
What do you mean? You don't get permissions with a TFTP transfer. If
the tftpd can read the file, it'll send it to you. If it can't, it
won't (surprise, surprise ;).
From sys/lib/libsa/tftp.c:
...
int
tftp_stat(struct open_file *f, struct stat *sb)
{
struct tftp_handle *tftpfile;
tftpfile = (struct tftp_handle *) f->f_fsdata;
sb->st_mode = 0444;
...
Ok, it wasn't 0555, but 0444. Close enough.
Then, in sys/stand/boot/boot.c:
...
void
loadrandom(char *name, char *buf, size_t buflen)
{
...
if (fstat(fd, &sb) == -1 ||
sb.st_uid != 0 ||
(sb.st_mode & (S_IWOTH|S_IROTH)))
goto fail;
...
So, actually, if the file exists, it will not emit a warning (like it
does if it's non-existent), but silently ignore it. :-)
/Alexander