Date: Sun, 12 Mar 2006 01:43:49 GMT
From: Doug White <dwhite@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: /etc/rc.d/sshd improperly tests random dev state
X-Send-Pr-Version: www-2.3

>Number:         94377
>Category:       conf
>Synopsis:       [patch] /etc/rc.d/sshd improperly tests random dev state
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-rc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 12 03:00:46 GMT 2006
>Closed-Date:    Wed Jun 07 10:45:58 GMT 2006
>Last-Modified:  Thu Jun  8 23:10:22 GMT 2006
>Originator:     Doug White
>Release:        FreeBSD 6.1-PRERELEASE (GENERIC) #0: Thu Mar  9 15:08:53 PST 2006
>Organization:
Gumbysoft
>Environment:
FreeBSD overseer.testrack.ixsystems.com 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0: Thu Mar  9 15:08:53 PST 2006     dwhite@:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
/etc/rc.d/sshd tests whether the kern.random.sys.seeded sysctl is set before prompting the user to seed the random device. The test incorrectly checks if the sysctl returns an empty string rather than checking if its value is zero. Since a numeric sysctl always returns a value if the call was successful, this leads to unnecessary PRNG state resets and user input. On my test machine it actually prevented the script from generating the keys if insufficient input was given to the PRNG initialization prompt.
>How-To-Repeat:
I found this by installing a system with sshd disabled in sysinstall, but it can be duplicated by shutting down ssh, removing the host keys, then running '/etc/rc.d/sshd start'.
>Fix:
(this patch is also available at http://people.freebsd.org/~dwhite/patches/sshd.20060310.patch)

This patch fixes the issue identified in this PR and also correctly guards against sysctl failing and returning an empty string (if it's somehow called while the random device is not loaded, for instance).


===================================================================
RCS file: /home/ncvs/src/etc/rc.d/sshd,v
retrieving revision 1.9
diff -u -r1.9 sshd
--- sshd        23 Oct 2005 14:06:53 -0000      1.9
+++ sshd        12 Mar 2006 01:40:44 -0000
@@ -23,7 +23,7 @@
 {
        (
        seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
-       if [ "${seeded}" != "" ] ; then
+       if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then
                warn "Setting entropy source to blocking mode."
                echo "===================================================="
                echo "Type a full screenful of random junk to unblock"
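
Review bot: On the added if line, the second test [ ${seeded} -eq 0 ] leaves ${seeded} unquoted, so it is safe only because the preceding [ "x${seeded}" != "x" ] short-circuits on an empty value, and a non-empty, non-numeric value would still make -eq fail with an error. Quoting the operand, or using a single string comparison such as [ "${seeded}" = "0" ], removes the dependence on evaluation order. A comment next to the sysctl line would also help: with 2>/dev/null in place, a failed sysctl leaves seeded empty, the new condition is false, and the blocking-mode prompt is skipped exactly as it is for an already seeded device.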

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-rc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Mar 12 03:47:53 UTC 2006 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94377 
State-Changed-From-To: open->closed 
State-Changed-By: flz 
State-Changed-When: Tue Apr 11 09:23:44 UTC 2006 
State-Changed-Why:  
Committed. Thanks! 

State-Changed-From-To: closed->patched 
State-Changed-By: flz 
State-Changed-When: Tue Apr 11 09:30:24 UTC 2006 
State-Changed-Why:  
Should have set this to patched instead. Committed to HEAD, MFC planned 
after 1 week. 

State-Changed-From-To: patched->closed 
State-Changed-By: flz 
State-Changed-When: Wed Jun 7 10:45:28 UTC 2006 
State-Changed-Why:  
MFC'ed to RELENG_6. Thanks! 

From: Rostislav Krasny <rosti.bsd@gmail.com>
To: Florent Thoumie <flz@FreeBSD.org>, Doug White <dwhite@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: conf/94377 : [patch] /etc/rc.d/sshd improperly tests random dev
 state
Date: Thu, 8 Jun 2006 11:55:46 +0300

 I've seen that patch just today, when it is already MFCed. I think it
 could be simpler. Instead of
 
 [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ]
 
 you can write just
 
 [ "${seeded}" = "0" ]
 
 and it will be still correct against sysctl failing and returning an
 empty string.

From: Doug White <dwhite@gumbysoft.com>
To: Rostislav Krasny <rosti.bsd@gmail.com>
Cc: Florent Thoumie <flz@FreeBSD.org>, Doug White <dwhite@FreeBSD.org>, 
    bug-followup@FreeBSD.org
Subject: Re: conf/94377 : [patch] /etc/rc.d/sshd improperly tests random dev
 state
Date: Thu, 8 Jun 2006 10:36:05 -0700 (PDT)

 On Thu, 8 Jun 2006, Rostislav Krasny wrote:
 
 > I've seen that patch just today, when it is already MFCed. I think it
 > could be simpler. Instead of
 >
 > [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ]
 >
 > you can write just
 >
 > [ "${seeded}" = "0" ]
 >
 > and it will be still correct against sysctl failing and returning an
 > empty string.
 
 No, because if ${seeded} is empty, the shell interprets the test as
 
 [ = "0" ]
 
 which results in a syntax error. The 'x' in the first test is significant.
 
 -- 
 Doug White                    |  FreeBSD: The Power to Serve
 dwhite@gumbysoft.com          |  www.FreeBSD.org

From: Doug White <dwhite@gumbysoft.com>
To: Rostislav Krasny <rosti.bsd@gmail.com>
Cc: Florent Thoumie <flz@FreeBSD.org>, bug-followup@FreeBSD.org
Subject: Re: conf/94377 : [patch] /etc/rc.d/sshd improperly tests random dev
 state
Date: Thu, 8 Jun 2006 13:14:04 -0700 (PDT)

 On Thu, 8 Jun 2006, Rostislav Krasny wrote:
 
 > The sysctl will fail because of a wrong variable name, but no syntax
 > error will occur. If you remove the double quotes around the ${seeded}
 > only then a syntax error will happen.
 >
 > If on CURRENT it works differently then most likely it has a bug
 > in sh(1).
 
 *shrug* The patch sat idle for 4 months, so you had your chance to say 
 your piece. I don't think doing another merge cycle just to sate a minor 
 stylistic nit is justified. This code runs once any time the rc script is 
 executed, which on most systems is once on boot. It's not like we're trying 
 to shave cycles here.
 
 -- 
 Doug White                    |  FreeBSD: The Power to Serve
 dwhite@gumbysoft.com          |  www.FreeBSD.org

From: Rostislav Krasny <rosti.bsd@gmail.com>
To: Doug White <dwhite@gumbysoft.com>
Cc: Florent Thoumie <flz@FreeBSD.org>, bug-followup@FreeBSD.org
Subject: Re: conf/94377 : [patch] /etc/rc.d/sshd improperly tests random dev
 state
Date: Thu, 8 Jun 2006 22:03:58 +0300

 On Thu, 8 Jun 2006 10:36:05 -0700 (PDT)
 Doug White <dwhite@gumbysoft.com> wrote:
 
 > On Thu, 8 Jun 2006, Rostislav Krasny wrote:
 > 
 > > I've seen that patch just today, when it is already MFCed. I think it
 > > could be simpler. Instead of
 > >
 > > [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ]
 > >
 > > you can write just
 > >
 > > [ "${seeded}" = "0" ]
 > >
 > > and it will be still correct against sysctl failing and returning an
 > > empty string.
 > 
 > No, because if ${seeded} is empty, the shell interprets the test as
 > 
 > [ = "0" ]
 > 
 > which results in a syntax error. The 'x' in the first test is significant.
 
 No, if ${seeded} is empty, the shell interprets the
 
 [ "${seeded}" = "0" ]
 
 as
 
 [ "" = "0" ]
 
 which has no syntax error because the ${seeded} is between the double
 quotes. Try following simple script to test it:
 
 #!/bin/sh
 
 seeded=`sysctl -n kern.random.sys.seededdd 2>/dev/null`
 echo ${seeded}
 
 if [ "${seeded}" = "0" ]
 then
         echo true
 else
         echo false
 fi
 
 The sysctl will fail because of a wrong variable name, but no syntax
 error will occur. If you remove the double quotes around the ${seeded}
 only then a syntax error will happen.
 
 If on CURRENT it works differently then most likely it has a bug
 in sh(1).

From: Rostislav Krasny <rosti.bsd@gmail.com>
To: Doug White <dwhite@gumbysoft.com>
Cc: Florent Thoumie <flz@FreeBSD.org>, bug-followup@FreeBSD.org
Subject: Re: conf/94377 : [patch] /etc/rc.d/sshd improperly tests random dev
 state
Date: Fri, 9 Jun 2006 00:13:30 +0300

 On Thu, 8 Jun 2006 13:14:04 -0700 (PDT)
 Doug White <dwhite@gumbysoft.com> wrote:
 
 > *shrug* The patch sat idle for 4 months, so you had your chance to say 
 > your piece. I don't think doing another merge cycle just to sate a minor 
 > stylistic nit is justified. This code runs once any time the rc script is 
 > executed, which on most systems is once on boot. It's not like we're trying 
 > to shave cycles here.
 
 I'm not a FreeBSD developer and I don't check every patch in GNATS or
 every commit in HEAD. I've seen that particular patch, for the first
 time, only when it has been MFCed to RELENG_6. Your version is working
 and I'm not pushing you to change it. But I think
 
 [ "${seeded}" = "0" ]
 
 is not only more efficient but also more readable than
 
 [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ]
 
 That is why I wrote my first email. Do with it whatever you think is
 right to do.
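
The test forms argued over in this thread, run side by side over the values the sysctl call can hand back. This is an added example, not part of the PR or of FreeBSD's rc script; the function names, the verdict helper and the sample values are constructed here, and sysctl itself is never called.

```shell
#!/bin/sh
# Added example: constructed values stand in for the output of
#   sysctl -n kern.random.sys.seeded 2>/dev/null
# so the script runs on any POSIX shell, not only on FreeBSD.

# r1.9: true for any non-empty output (the bug reported in the PR).
test_original()  { [ "$1" != "" ]; }
# Committed form: non-empty AND numerically zero; second operand unquoted.
test_committed() { [ "x$1" != "x" ] && [ $1 -eq 0 ]; }
# Form proposed in the follow-up: one quoted string comparison.
test_proposed()  { [ "$1" = "0" ]; }
# Same comparison with the quotes removed, for contrast.
test_unquoted()  { [ $1 = "0" ]; }

# verdict <test_fn> <value> -> prompt | skip | error
#   prompt: test is true, the entropy prompt would be shown
#   skip:   test is false, the entropy prompt would be skipped
#   error:  test(1) rejected the expression (exit status > 1)
verdict() {
    rc=0
    "$1" "$2" 2>/dev/null || rc=$?
    case $rc in
        0) echo prompt ;;
        1) echo skip ;;
        *) echo error ;;
    esac
}

# One row per value: '' models sysctl failing, 'junk' a non-numeric reply.
report() {
    for value in "" 0 1 junk; do
        printf '%-8s' "'$value'"
        for fn in test_original test_committed test_proposed test_unquoted; do
            printf ' %s=%s' "${fn#test_}" "$(verdict "$fn" "$value")"
        done
        printf '\n'
    done
}

report
```
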
>Unformatted:
