Re: Fix /etc/rc.d/random umask handling (/entropy permissions)

From: Jilles Tjoelker <jilles_at_stack.nl>
Date: Sat, 21 Jan 2017 23:01:36 +0100
[Adding Cc: Dag-Erling Smørgrav who committed r273957 which seems to
have introduced this]
On Sat, Jan 21, 2017 at 01:21:42AM +0000, Lu Tung-Pin wrote:
> A 2014 change broke the umask handling in /etc/rc.d/random,
> leaving /entropy with ug+r permissions. Quick fix attached,
> mirroring random_stop() behavior.

> (Incidentally, /usr/libexec/save-entropy is still fine for
> /var/db/entropy/*, as is /etc/rc.d/random for the new
> /boot/entropy.)

> --- /etc/rc.d/random.old	2017-01-21 11:48:30.975009000 +1100
> +++ /etc/rc.d/random	2017-01-19 18:04:34.224632000 +1100
> _at__at_ -20,12 +20,15 _at__at_
>  
>  save_dev_random()
>  {
> +	oumask=`umask`
> +	umask 077
>  	for f ; do
>  		if :>>"$f" ; then
>  			debug "saving entropy to $f"
>  			dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
>  		fi
>  	done
> +	umask ${oumask}
>  }
>  
>  feed_dev_random()

Switching the umask here will avoid incorrect permissions on /entropy on
new installations, but will not fix existing systems. A chmod command
may be useful here.

On another note,  if :>>"$f"  is bogus. Since : is a special builtin, a
redirection error causes the shell to abort the script. The conditional
seems to have been added to show error messages when the entropy file
cannot be written without showing dd's statistics. I think this can be
done more easily using dd's status=none parameter.

My revised patch is below:

Index: etc/rc.d/random
===================================================================
--- etc/rc.d/random	(revision 311446)
+++ etc/rc.d/random	(working copy)
_at__at_ -20,12 +20,14 _at__at_
 
 save_dev_random()
 {
+	oumask=`umask`
+	umask 077
 	for f ; do
-		if :>>"$f" ; then
-			debug "saving entropy to $f"
-			dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
-		fi
+		debug "saving entropy to $f"
+		dd if=/dev/random of="$f" bs=4096 count=1 status=none &&
+			chmod 600 "$f"
 	done
+	umask ${oumask}
 }
 
 feed_dev_random()

-- 
Jilles Tjoelker
Received on Sat Jan 21 2017 - 21:01:39 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:09 UTC