Author: delphij
Date: Wed May 31 05:00:02 2017
New Revision: 319275
URL: https://svnweb.freebsd.org/changeset/base/319275

Log:
  MFC r318975:
  
  Tighten /entropy permissions.
  
  PR:           219527
  Reported by:  Lu Tung-Pin <lutungpin at openmailbox.org>
  Submitted by: jilles

Modified:
  stable/11/etc/rc.d/random
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/etc/rc.d/random
==============================================================================
--- stable/11/etc/rc.d/random   Wed May 31 03:44:31 2017        (r319274)
+++ stable/11/etc/rc.d/random   Wed May 31 05:00:02 2017        (r319275)
@@ -20,12 +20,14 @@ saveseed_cmd="${name}_stop"
 
 save_dev_random()
 {
+       oumask=`umask`
+       umask 077
        for f ; do
-               if :>>"$f" ; then
-                       debug "saving entropy to $f"
-                       dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
-               fi
+               debug "saving entropy to $f"
+               dd if=/dev/random of="$f" bs=4096 count=1 status=none &&
+                       chmod 600 "$f"
        done
+       umask ${oumask}
 }
 
 feed_dev_random()
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to