On Sun, Jan 22, 2017 at 01:22:07AM +0000, Lu Tung-Pin wrote: > On 2017-01-21 22:01, Jilles Tjoelker wrote: > > [Adding Cc: Dag-Erling Smørgrav who committed r273957 which seems to > > have introduced this] > > On Sat, Jan 21, 2017 at 01:21:42AM +0000, Lu Tung-Pin wrote: > >> A 2014 change broke the umask handling in /etc/rc.d/random, > >> leaving /entropy with ug+r permissions. Quick fix attached, > Edit: go+r permissions. > > Switching the umask here will avoid incorrect permissions on > > /entropy on new installations, but will not fix existing systems. A > > chmod command may be useful here. > Note that random_start() first removes /entropy via feed_dev_random(). > There's also a removal in random_stop(). Provided that a removal occurs, > the chmod won't be necessary on machines with an existing go+r /entropy. Right, /entropy is deleted after being read so the chmod is not needed. > I'm wondering, though: Would it be better to replace all the umask > fiddling with simple chmods? Every other rc.d script uses chmod if it > needs to set tighter permissions. When umask is used (dmesg, mountd, > syslogd), it's with a relaxed 022 setting. The umask ensures the file is created with the correct permissions so there is no race window where an unprivileged process can open the file. A permissions change has no existing opens. -- Jilles TjoelkerReceived on Sun Jan 22 2017 - 19:10:08 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:09 UTC