Tighten /entropy permissions.

PR: 219527 Reported by: Lu Tung-Pin <lutungpin at openmailbox.org> Submitted by: jilles MFC after: 3 days
svn path=/head/; revision=318975
2024-09-18 15:53:37 +00:00 · 2017-05-27 06:24:06 +00:00 · 2017-05-27 06:24:06 +00:00 · 335917f071 · 2020-12-20 02:59:44 +00:00
parent ef7161e774
commit 335917f071
1 changed files with 6 additions and 4 deletions
--- a/etc/rc.d/random
+++ b/etc/rc.d/random
@ -20,12 +20,14 @@ saveseed_cmd="${name}_stop"

 save_dev_random()
 {
+	oumask=`umask`
+	umask 077
 	for f ; do
-		if :>>"$f" ; then
-			debug "saving entropy to $f"
-			dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
-		fi
+		debug "saving entropy to $f"
+		dd if=/dev/random of="$f" bs=4096 count=1 status=none &&
+			chmod 600 "$f"
 	done
+	umask ${oumask}
 }

 feed_dev_random()