Author: dteske
Date: Mon Apr 6 18:03:35 2015
New Revision: 281160
URL: https://svnweb.freebsd.org/changeset/base/281160
Log:
Fix permissions on ZFS root encryption key (644 -> 600).
MFC after: 3 days
X-MFC-to: stable/10 stable/9
Security: CVE-2015-1415
Reported by: Pierre Kim
Modified:
head/usr.sbin/bsdinstall/scripts/zfsboot
Modified: head/usr.sbin/bsdinstall/scripts/zfsboot
==============================================================================
--- head/usr.sbin/bsdinstall/scripts/zfsboot Mon Apr 6 17:39:36 2015
(r281159)
+++ head/usr.sbin/bsdinstall/scripts/zfsboot Mon Apr 6 18:03:35 2015
(r281160)
@@ -1128,6 +1128,9 @@ zfs_create_boot()
f_eval_catch $funcname dd "$DD_WITH_OPTIONS" \
/dev/random "$bootpool/$zroot_key" \
"bs=4096 count=1" || return $FAILURE
+ f_eval_catch $funcname "$CHMOD_MODE" \
+ go-wrx "$bootpool/$zroot_key" ||
+ return $FAILURE
else
# Clean up
f_eval_catch $funcname zfs "$ZFS_UNMOUNT" \
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
