A 2014 change broke the umask handling in /etc/rc.d/random, leaving /entropy with ug+r permissions. Quick fix attached, mirroring random_stop() behavior. (Incidentally, /usr/libexec/save-entropy is still fine for /var/db/entropy/*, as is /etc/rc.d/random for the new /boot/entropy.) --- /etc/rc.d/random.old 2017-01-21 11:48:30.975009000 +1100 +++ /etc/rc.d/random 2017-01-19 18:04:34.224632000 +1100 _at__at_ -20,12 +20,15 _at__at_ save_dev_random() { + oumask=`umask` + umask 077 for f ; do if :>>"$f" ; then debug "saving entropy to $f" dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null fi done + umask ${oumask} } feed_dev_random()
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:09 UTC