diff options
Diffstat (limited to 'sys-apps/rng-tools')
-rw-r--r-- | sys-apps/rng-tools/files/rng-tools-5-fix-noctty.patch | 45 | ||||
-rw-r--r-- | sys-apps/rng-tools/rng-tools-5-r2.ebuild | 1 |
2 files changed, 46 insertions, 0 deletions
diff --git a/sys-apps/rng-tools/files/rng-tools-5-fix-noctty.patch b/sys-apps/rng-tools/files/rng-tools-5-fix-noctty.patch new file mode 100644 index 000000000000..a48b235ac17c --- /dev/null +++ b/sys-apps/rng-tools/files/rng-tools-5-fix-noctty.patch @@ -0,0 +1,45 @@ +From: Gokturk Yuksek <gokturk@binghamton.edu> +Subject: [PATCH] Fix rngd to open the entropy source with 'O_NOCTTY' flag + +When start-stop-daemon starts a rngd instance configured to use a tty +device as its entropy source, the application crashes due to not being +able to read from the entropy device. This is caused by +start-stop-daemon calling setsid() before executing rngd, which +disassociates the controlling terminal. When rngd attempts to open a +hardware entropy source that's a tty device, per POSIX rules, the +device becomes the controlling terminal for the process. Then rngd +calls daemon(), which internally calls setsid(), and consequently +disassociates the controlling terminal for the child. Meanwhile the +parent rngd process exits. This results in tty device hanging up. By +looking at the strace logs attached to the bug, it can be observed +that although the parent rngd process is able to read() from the +entropy source successfully, further attempts to read() by the child +rngd process return 0. This complies with the POSIX, which states that +read() calls on a hung up terminal shall return 0. + +Note that when rngd is started without start-stop-daemon, this problem +does not happen because at the time of opening the entropy source rngd +already has a controlling terminal. + +Prevent the entropy source from becoming the controlling terminal by +passing 'O_NOCTTY' flag to open() when opening an entropy source. This +flag prevents a tty device from becoming the controlling terminal for +a process without a controlling terminal at the time of open(). + +Thanks to John Bowler <jbowler@acm.org> for debugging the problem and +pinpointing the issue as well as confirming the fix. + +Gentoo-Bug-URL: https://bugs.gentoo.org/556456 +Reported-By: John Bowler <jbowler@acm.org> + +--- rngd_entsource.c ++++ rngd_entsource.c +@@ -175,7 +175,7 @@ + */ + int init_entropy_source(struct rng *ent_src) + { +- ent_src->rng_fd = open(ent_src->rng_name, O_RDONLY); ++ ent_src->rng_fd = open(ent_src->rng_name, O_RDONLY | O_NOCTTY); + if (ent_src->rng_fd == -1) { + return 1; + } diff --git a/sys-apps/rng-tools/rng-tools-5-r2.ebuild b/sys-apps/rng-tools/rng-tools-5-r2.ebuild index 61e60b00cd63..a104f8b5eb28 100644 --- a/sys-apps/rng-tools/rng-tools-5-r2.ebuild +++ b/sys-apps/rng-tools/rng-tools-5-r2.ebuild @@ -26,6 +26,7 @@ src_prepare() { epatch "${FILESDIR}"/${P}-fix-textrels-on-PIC-x86.patch #469962 epatch "${FILESDIR}"/${P}-man-fill-watermark.patch #555094 epatch "${FILESDIR}"/${P}-man-rng-device.patch #555106 + epatch "${FILESDIR}"/${P}-fix-noctty.patch #556456 eautoreconf sed -i '/^AR /d' Makefile.in || die |