diff options
author | dteske <dteske@FreeBSD.org> | 2015-04-06 18:03:35 +0000 |
---|---|---|
committer | dteske <dteske@FreeBSD.org> | 2015-04-06 18:03:35 +0000 |
commit | 1290072850dee6a07937982f737ea50dba23a272 (patch) | |
tree | d49892bb1fc3cf1b7dd5bfab79dad3f0c788ae11 /usr.sbin | |
parent | 5157da51af8f43fc7cb1272192f47049ac259fce (diff) | |
download | FreeBSD-src-1290072850dee6a07937982f737ea50dba23a272.zip FreeBSD-src-1290072850dee6a07937982f737ea50dba23a272.tar.gz |
Fix permissions on ZFS root encryption key (644 -> 600).
MFC after: 3 days
X-MFC-to: stable/10 stable/9
Security: CVE-2015-1415
Reported by: Pierre Kim
Diffstat (limited to 'usr.sbin')
-rwxr-xr-x | usr.sbin/bsdinstall/scripts/zfsboot | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/usr.sbin/bsdinstall/scripts/zfsboot b/usr.sbin/bsdinstall/scripts/zfsboot index edd9f59..08d1f0a 100755 --- a/usr.sbin/bsdinstall/scripts/zfsboot +++ b/usr.sbin/bsdinstall/scripts/zfsboot @@ -1128,6 +1128,9 @@ zfs_create_boot() f_eval_catch $funcname dd "$DD_WITH_OPTIONS" \ /dev/random "$bootpool/$zroot_key" \ "bs=4096 count=1" || return $FAILURE + f_eval_catch $funcname "$CHMOD_MODE" \ + go-wrx "$bootpool/$zroot_key" || + return $FAILURE else # Clean up f_eval_catch $funcname zfs "$ZFS_UNMOUNT" \ |