Author: dteske Date: Mon Apr 6 18:03:35 2015 New Revision: 281160 URL: https://svnweb.freebsd.org/changeset/base/281160
Log: Fix permissions on ZFS root encryption key (644 -> 600). MFC after: 3 days X-MFC-to: stable/10 stable/9 Security: CVE-2015-1415 Reported by: Pierre Kim Modified: head/usr.sbin/bsdinstall/scripts/zfsboot Modified: head/usr.sbin/bsdinstall/scripts/zfsboot ============================================================================== --- head/usr.sbin/bsdinstall/scripts/zfsboot Mon Apr 6 17:39:36 2015 (r281159) +++ head/usr.sbin/bsdinstall/scripts/zfsboot Mon Apr 6 18:03:35 2015 (r281160) @@ -1128,6 +1128,9 @@ zfs_create_boot() f_eval_catch $funcname dd "$DD_WITH_OPTIONS" \ /dev/random "$bootpool/$zroot_key" \ "bs=4096 count=1" || return $FAILURE + f_eval_catch $funcname "$CHMOD_MODE" \ + go-wrx "$bootpool/$zroot_key" || + return $FAILURE else # Clean up f_eval_catch $funcname zfs "$ZFS_UNMOUNT" \ _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"