rngd-tools: run as unprivileged user

For better security and isolation, used the -D option to run as newly
created unprivileged user.

Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc

Signed-off-by: John Audia <[email protected]>

diff --git a/utils/rng-tools/Makefile b/utils/rng-tools/Makefile
index 3f9dac7c2d8091033590f2bc62284f1bd10c630f..ffefbb678a982f254ef32b4475bafe09fd512ef5 100644 (file)
--- a/utils/rng-tools/Makefile
+++ b/utils/rng-tools/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=rng-tools
 PKG_VERSION:=6.17
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/nhorman/rng-tools/tar.gz/v$(PKG_VERSION)?
@@ -32,6 +32,7 @@ define Package/rng-tools
   CATEGORY:=Utilities
   TITLE:=Daemon for adding entropy to kernel entropy pool
   URL:=https://github.com/nhorman/rng-tools
+  USERID:=rngd=209:rngd=209
   DEPENDS:=+libopenssl +libcap +libcurl +jansson
 endef
 

diff --git a/utils/rng-tools/files/rngd.init b/utils/rng-tools/files/rngd.init
index ab457dbf148448f15415556a43982dda1cfc6c90..b255d1a7dccf9b935081d2ade434ff7c6a7ac6a3 100644 (file)
--- a/utils/rng-tools/files/rngd.init
+++ b/utils/rng-tools/files/rngd.init
@@ -20,7 +20,7 @@ start_service() {
        [ -z "$watermark" ] || watermark="-W ${watermark}"
 
        procd_open_instance
-       procd_set_param command "$PROG" -f ${device} ${watermark}
+       procd_set_param command "$PROG" -D rngd:rngd -f ${device} ${watermark}
        procd_set_param stderr 1
        procd_close_instance
 }