public inbox for gentoo-commits@lists.gentoo.org
From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/rng-tools/, sys-apps/rng-tools/files/
Date: Mon,  5 Oct 2015 17:05:41 +0000 (UTC)
Message-ID: <1443686986.2b90c55c6656d33d8a2dc6a679a85c6f8d29310d.mgorny@gentoo>

commit:     2b90c55c6656d33d8a2dc6a679a85c6f8d29310d
Author:     Gokturk Yuksek <gokturk <AT> binghamton <DOT> edu>
AuthorDate: Thu Oct  1 08:06:35 2015 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu Oct  1 08:09:46 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b90c55c

sys-apps/rng-tools: open entropy src with O_NOCTTY flag #556456

This revision patches the source file 'rngd_entsource.c', adding 'O_NOCTTY'
flag to the open() call that opens the entropy source for rngd.

Gentoo-Bug: https://bugs.gentoo.org/556456

Package-Manager: portage-2.2.20.1

 .../rng-tools/files/rng-tools-5-fix-noctty.patch   | 45 ++++++++++++++++++++++
 sys-apps/rng-tools/rng-tools-5-r2.ebuild           |  1 +
 2 files changed, 46 insertions(+)

diff --git a/sys-apps/rng-tools/files/rng-tools-5-fix-noctty.patch b/sys-apps/rng-tools/files/rng-tools-5-fix-noctty.patch
new file mode 100644
index 0000000..a48b235
--- /dev/null
+++ b/sys-apps/rng-tools/files/rng-tools-5-fix-noctty.patch
@@ -0,0 +1,45 @@
+From: Gokturk Yuksek <gokturk@binghamton.edu>
+Subject: [PATCH] Fix rngd to open the entropy source with 'O_NOCTTY' flag
+
+When start-stop-daemon starts a rngd instance configured to use a tty
+device as its entropy source, the application crashes due to not being
+able to read from the entropy device. This is caused by
+start-stop-daemon calling setsid() before executing rngd, which
+disassociates the controlling terminal. When rngd attempts to open a
+hardware entropy source that's a tty device, per POSIX rules, the
+device becomes the controlling terminal for the process. Then rngd
+calls daemon(), which internally calls setsid(), and consequently
+disassociates the controlling terminal for the child. Meanwhile the
+parent rngd process exits. This results in tty device hanging up. By
+looking at the strace logs attached to the bug, it can be observed
+that although the parent rngd process is able to read() from the
+entropy source successfully, further attempts to read() by the child
+rngd process return 0. This complies with the POSIX, which states that
+read() calls on a hung up terminal shall return 0.
+
+Note that when rngd is started without start-stop-daemon, this problem
+does not happen because at the time of opening the entropy source rngd
+already has a controlling terminal.
+
+Prevent the entropy source from becoming the controlling terminal by
+passing 'O_NOCTTY' flag to open() when opening an entropy source. This
+flag prevents a tty device from becoming the controlling terminal for
+a process without a controlling terminal at the time of open().
+
+Thanks to John Bowler <jbowler@acm.org> for debugging the problem and
+pinpointing the issue as well as confirming the fix.
+
+Gentoo-Bug-URL: https://bugs.gentoo.org/556456
+Reported-By: John Bowler <jbowler@acm.org>
+
+--- rngd_entsource.c
++++ rngd_entsource.c
+@@ -175,7 +175,7 @@
+  */
+ int init_entropy_source(struct rng *ent_src)
+ {
+-	ent_src->rng_fd = open(ent_src->rng_name, O_RDONLY);
++	ent_src->rng_fd = open(ent_src->rng_name, O_RDONLY | O_NOCTTY);
+ 	if (ent_src->rng_fd == -1) {
+ 		return 1;
+ 	}
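
Review bot: The embedded patch's file headers, `--- rngd_entsource.c` and `+++ rngd_entsource.c`, carry no `a/` and `b/` prefix, so applying it depends on epatch guessing the strip level; regenerating it with conventional `a/rngd_entsource.c` and `b/rngd_entsource.c` headers would make it apply the same way under any patch helper. The description also does not say whether the fix was sent to rng-tools upstream; a line recording that status next to Gentoo-Bug-URL would help whoever rebases this on the next version bump. The code change itself is a single flag on the open() in init_entropy_source() and matches the explanation given. If rngd opens any other device node by a user-configurable name, that call would want O_NOCTTY as well, which cannot be judged from this hunk.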

diff --git a/sys-apps/rng-tools/rng-tools-5-r2.ebuild b/sys-apps/rng-tools/rng-tools-5-r2.ebuild
index 61e60b0..a104f8b 100644
--- a/sys-apps/rng-tools/rng-tools-5-r2.ebuild
+++ b/sys-apps/rng-tools/rng-tools-5-r2.ebuild
@@ -26,6 +26,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/${P}-fix-textrels-on-PIC-x86.patch #469962
 	epatch "${FILESDIR}"/${P}-man-fill-watermark.patch #555094
 	epatch "${FILESDIR}"/${P}-man-rng-device.patch #555106
+	epatch "${FILESDIR}"/${P}-fix-noctty.patch #556456
 	eautoreconf
 
 	sed -i '/^AR /d' Makefile.in || die
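
Review bot: The new epatch line in src_prepare() goes into the existing rng-tools-5-r2.ebuild instead of a new revision, so systems that already built -r2 will not rebuild and will keep an rngd that can crash when started by start-stop-daemon with a tty entropy source. Because the patch changes the installed binary's runtime behaviour, copying the ebuild to -r3 and adding the line there is the safer route, unless -r2 has not yet reached users.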

