authorTheo de Raadt <deraadt@cvs.openbsd.org>2020-05-26 13:47:30 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2020-05-26 13:47:30 +0000
commit36a8d0e11a140b3d5a3114c6a66b869f8b2166f3 (patch)
tree98614f92b3063cc033d921bcb20b487b7c322cc1 /sys
parentb55a81d93991dbc0f8d6852310b1466e9591d5cd (diff)
/etc/random.seed reuse can now be detected. The stat +T bit marks the file
(fchmod +T by bootcode, chmod 600 by /etc/rc). If the seed is reused, and HWRNG isn't available, the kernel won't get RB_GOODSEED indication...
Diffstat (limited to 'sys')
-rw-r--r--sys/arch/alpha/stand/boot/boot.c8
-rw-r--r--sys/arch/luna88k/stand/boot/boot.c8
-rw-r--r--sys/arch/sgi/stand/boot/boot.c8
-rw-r--r--sys/stand/boot/boot.c8
4 files changed, 28 insertions, 4 deletions
diff --git a/sys/arch/alpha/stand/boot/boot.c b/sys/arch/alpha/stand/boot/boot.c
index 916d9ea3bc2..228b130787b 100644
--- a/sys/arch/alpha/stand/boot/boot.c
+++ b/sys/arch/alpha/stand/boot/boot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: boot.c,v 1.27 2020/05/25 15:49:41 deraadt Exp $ */
+/* $OpenBSD: boot.c,v 1.28 2020/05/26 13:47:27 deraadt Exp $ */
/* $NetBSD: boot.c,v 1.10 1997/01/18 01:58:33 cgd Exp $ */
/*
@@ -86,6 +86,12 @@ loadrandom(char *name, char *buf, size_t buflen)
error = -1;
goto done;
}
+ if (sb.st_mode & S_ISTXT) {
+ printf("NOTE: random seed is being reused.\n");
+ error = -1;
+ goto done;
+ }
+ fchmod(fd, sb.st_mode | S_ISTXT);
done:
close(fd);
return (error);
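Review bot: The return value of `fchmod(fd, sb.st_mode | S_ISTXT)` is discarded, so a seed that could not be marked is presumably still reported as good, since `error` is not changed on that path. If the call fails (whether the loader's filesystem code can fail here is not visible from the hunk), the next boot has no mark from which to detect the reuse. Consider failing closed, or at least making the failure visible: `if (fchmod(fd, sb.st_mode | S_ISTXT) == -1) { printf("NOTE: can't mark random seed as used.\n"); error = -1; }`. The same unchecked call is added in the luna88k, sgi and sys/stand/boot loadrandom() hunks. loadrandom() begins above this hunk, so how `error` maps to RB_GOODSEED is taken from the commit message rather than from the visible lines.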
diff --git a/sys/arch/luna88k/stand/boot/boot.c b/sys/arch/luna88k/stand/boot/boot.c
index f23bf94a2f3..7b13cabc8d7 100644
--- a/sys/arch/luna88k/stand/boot/boot.c
+++ b/sys/arch/luna88k/stand/boot/boot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: boot.c,v 1.9 2020/05/25 15:49:42 deraadt Exp $ */
+/* $OpenBSD: boot.c,v 1.10 2020/05/26 13:47:29 deraadt Exp $ */
/* $NetBSD: boot.c,v 1.3 2013/03/05 15:34:53 tsutsui Exp $ */
/*
@@ -244,6 +244,12 @@ loadrandom(const char *name, char *buf, size_t buflen)
error = -1;
goto done;
}
+ if (sb.st_mode & S_ISTXT) {
+ printf("NOTE: random seed is being reused.\n");
+ error = -1;
+ goto done;
+ }
+ fchmod(fd, sb.st_mode | S_ISTXT);
done:
close(fd);
return (error);
diff --git a/sys/arch/sgi/stand/boot/boot.c b/sys/arch/sgi/stand/boot/boot.c
index 69d5e16d265..e124245b57e 100644
--- a/sys/arch/sgi/stand/boot/boot.c
+++ b/sys/arch/sgi/stand/boot/boot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: boot.c,v 1.28 2020/05/25 15:49:42 deraadt Exp $ */
+/* $OpenBSD: boot.c,v 1.29 2020/05/26 13:47:29 deraadt Exp $ */
/*
* Copyright (c) 2004 Opsycon AB, www.opsycon.se.
@@ -311,6 +311,12 @@ loadrandom(const char *partition, const char *name, void *buf, size_t buflen)
error = -1;
goto done;
}
+ if (sb.st_mode & S_ISTXT) {
+ printf("NOTE: random seed is being reused.\n");
+ error = -1;
+ goto done;
+ }
+ fchmod(fd, sb.st_mode | S_ISTXT);
done:
close(fd);
return (error);
diff --git a/sys/stand/boot/boot.c b/sys/stand/boot/boot.c
index ab9fb5ba2fc..acb403d4a56 100644
--- a/sys/stand/boot/boot.c
+++ b/sys/stand/boot/boot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: boot.c,v 1.52 2020/05/25 15:49:42 deraadt Exp $ */
+/* $OpenBSD: boot.c,v 1.53 2020/05/26 13:47:29 deraadt Exp $ */
/*
* Copyright (c) 2003 Dale Rahn
@@ -197,6 +197,12 @@ loadrandom(char *name, char *buf, size_t buflen)
error = -1;
goto done;
}
+ if (sb.st_mode & S_ISTXT) {
+ printf("NOTE: random seed is being reused.\n");
+ error = -1;
+ goto done;
+ }
+ fchmod(fd, sb.st_mode | S_ISTXT);
done:
close(fd);
return (error);
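Review bot: Nothing at the `sb.st_mode & S_ISTXT` test explains that the sticky bit is being repurposed as a "seed already consumed" marker; only the commit message says so, and a reader of boot.c alone cannot tell what sets or clears it. A short comment above the test would cover it, e.g. `/* S_ISTXT set: this seed was already handed to a kernel; /etc/rc clears the bit with chmod 600 */`. The same comment belongs in the alpha, luna88k and sgi copies of loadrandom(), whose bodies all start outside their hunks.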