diff options
| author | Xin LI <delphij@FreeBSD.org> | 2017-05-27 06:24:06 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2017-05-27 06:24:06 +0000 |
| commit | 335917f071f6eeea1bd993ded4ad3a79e74e1601 (patch) | |
| tree | da98d20c67a2105e252e43f8e0ec7cae9d0ab46b /etc/rc.d | |
| parent | ef7161e77498cf94c4d8aa8b45b845c58ec3b93b (diff) | |
| download | src-335917f071f6eeea1bd993ded4ad3a79e74e1601.tar.gz src-335917f071f6eeea1bd993ded4ad3a79e74e1601.zip | |
Tighten /entropy permissions.
PR: 219527
Reported by: Lu Tung-Pin <lutungpin at openmailbox.org>
Submitted by: jilles
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=318975
Diffstat (limited to 'etc/rc.d')
| -rwxr-xr-x | etc/rc.d/random | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/etc/rc.d/random b/etc/rc.d/random index 1e4e5b2fc729..9762c9d3bfdd 100755 --- a/etc/rc.d/random +++ b/etc/rc.d/random @@ -20,12 +20,14 @@ saveseed_cmd="${name}_stop" save_dev_random() { + oumask=`umask` + umask 077 for f ; do - if :>>"$f" ; then - debug "saving entropy to $f" - dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null - fi + debug "saving entropy to $f" + dd if=/dev/random of="$f" bs=4096 count=1 status=none && + chmod 600 "$f" done + umask ${oumask} } feed_dev_random() |