From 513e8c598c6e9e535de69ccab8857c9b11d802f1 Mon Sep 17 00:00:00 2001
From: John Audia
Date: Tue, 15 Jul 2025 15:39:57 -0400
Subject: [PATCH] rngd-tools: run as unprivileged user
For better security and isolation, used the -D option to run as newly created unprivileged user.
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia
---
 utils/rng-tools/Makefile | 3 ++-
 utils/rng-tools/files/rngd.init | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/utils/rng-tools/Makefile b/utils/rng-tools/Makefile
index 3f9dac7c2d..ffefbb678a 100644
--- a/utils/rng-tools/Makefile
+++ b/utils/rng-tools/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=rng-tools
 PKG_VERSION:=6.17
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/nhorman/rng-tools/tar.gz/v$(PKG_VERSION)?
@@ -32,6 +32,7 @@ define Package/rng-tools
 CATEGORY:=Utilities
 TITLE:=Daemon for adding entropy to kernel entropy pool
 URL:=https://github.com/nhorman/rng-tools
+USERID:=rngd=209:rngd=209
 DEPENDS:=+libopenssl +libcap +libcurl +jansson
 endef
diff --git a/utils/rng-tools/files/rngd.init b/utils/rng-tools/files/rngd.init
index ab457dbf14..b255d1a7dc 100644
--- a/utils/rng-tools/files/rngd.init
+++ b/utils/rng-tools/files/rngd.init
@@ -20,7 +20,7 @@ start_service() {
 [ -z "$watermark" ] || watermark="-W ${watermark}"
 procd_open_instance
- procd_set_param command "$PROG" -f ${device} ${watermark}
+ procd_set_param command "$PROG" -D rngd:rngd -f ${device} ${watermark}
 procd_set_param stderr 1
 procd_close_instance
 }
--
2.30.2
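Review bot: Nothing on the page shows that the static id in `USERID:=rngd=209:rngd=209` is unallocated; if another package already claims uid or gid 209, rngd would share an identity with that daemon and the isolation this commit aims for would not hold. Please confirm 209 is free across the feeds and record the pairing with the init script, e.g. `# uid/gid 209 is reserved for rngd; files/rngd.init passes -D rngd:rngd` placed above `define Package/rng-tools`, which starts outside the hunk.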
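Review bot: The new `-D rngd:rngd` argument on the `procd_set_param command` line carries two assumptions that the script does not document: that the `rngd` account exists, and that the entropy source stays usable once root is given up. `${device}` is set outside the hunk; if it resolves to a root-only node and rngd opens or re-opens it after switching user, the daemon would be left without a source, and the commit reports run-testing on x86/64 only. Writing entropy into the kernel pool requires CAP_SYS_ADMIN, so rngd presumably keeps that capability after the drop and is not fully unprivileged. I would add above the line `# -D: drop to rngd:rngd (USERID in the package Makefile); the rng source must be readable by that user`. start_service() begins outside the hunk.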