Source-Changes-HG archive


[src/trunk]: src/etc/rc.d Avoid using programs from /usr/bin. This should fi...



details:   https://anonhg.NetBSD.org/src/rev/f96d4253aa35
branches:  trunk
changeset: 783307:f96d4253aa35
user:      apb <apb%NetBSD.org@localhost>
date:      Fri Dec 14 18:42:25 2012 +0000

description:
Avoid using programs from /usr/bin.  This should fix PR 47326.

- no need for "dirname", because "df -G" can take a file name directly.
- replace use of "awk" with a shell while read loop.
- replace use of "stat -s" with "ls -ldn".
- no need for "tail" now that the use of "stat" has changed.

While here, also add some shell quotes and improve the grammar in a comment.

diffstat:

 etc/rc.d/random_seed |  26 ++++++++++++++++----------
 1 files changed, 16 insertions(+), 10 deletions(-)

diffs (79 lines):

diff -r a3f66fd77c8a -r f96d4253aa35 etc/rc.d/random_seed
--- a/etc/rc.d/random_seed      Fri Dec 14 18:39:48 2012 +0000
+++ b/etc/rc.d/random_seed      Fri Dec 14 18:42:25 2012 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: random_seed,v 1.3 2012/11/10 15:10:22 apb Exp $
+# $NetBSD: random_seed,v 1.4 2012/12/14 18:42:25 apb Exp $
 #
 
 # PROVIDE: random_seed
@@ -13,7 +13,7 @@
 # this script won't work if run after the securelevel is changed.
 #
 # The "BEFORE: bootconf" is intended to cause this to
-# be the first script to runs after mountcritlocal.
+# be the first script that runs after mountcritlocal.
 
 $_rc_subr_loaded . /etc/rc.subr
 
@@ -30,7 +30,11 @@
        # Enforce that the file's on a local filesystem.
        # Include only the types we can actually write.
        #
-       fstype=$(df -G $1 | awk '$2 == "fstype" {print $1}')
+       fstype=$(df -G "$1" |
+               while read line ; do
+                   set -- $line
+                   if [ "$2" = "fstype" ]; then echo "$1" ; break ; fi
+               done )
        case $fstype in
            ffs)
                return 0
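Review bot: The new loop in fs_safe reads the df output with `read line` and then splits it through an unquoted `set -- $line`, so read interprets backslashes and any field containing glob characters undergoes pathname expansion before the comparison. Letting read do the splitting avoids both: `while read -r value key rest ; do` followed by `if [ "$key" = "fstype" ]; then echo "$value" ; break ; fi`. This relies on the value-then-key layout that the removed awk expression also assumed. fs_safe begins and continues outside the hunk.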
@@ -55,22 +59,24 @@
 {
        if [ -f $random_file ]; then
 
-               if ! fs_safe $(dirname ${random_file}); then
+               if ! fs_safe "${random_file}"; then
                        return 1
                fi
 
-               eval $(stat -s ${random_file})
+               set -- $(ls -ldn "${random_file}")
+               st_mode="$1" # should be "-rw-------"
+               st_uid="$3"  # should be "0" for root
 
                # The file must be owned by root,
                if [ "$st_uid" != "0" ]; then
                        return 1
                fi
                # and root read/write only.
-               if [ "$(echo $st_mode | tail -c4)" != "600" ]; then
+               if [ "$st_mode" != "-rw-------" ]; then
                        return 1
                fi
 
-               if rndctl -L ${random_file}; then
+               if rndctl -L "${random_file}"; then
                        echo "Loaded entropy from disk."
                fi
                
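Review bot: The `[ -f $random_file ]` test on the first line of the function body is still unquoted, although this commit quotes every other expansion of the variable. If random_file is empty or unset the test collapses to `[ -f ]`, which evaluates true, and a path containing whitespace splits into several arguments; `if [ -f "$random_file" ]; then` closes both cases. A short comment above the `set -- $(ls -ldn ...)` line, such as `# ls(1) is used here because stat(1) lives in /usr/bin`, would also keep the ownership and mode check from being changed back later. The function's name and the end of its body are outside the hunk.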
@@ -82,13 +88,13 @@
        oum=$(umask)
        umask 077
 
-       rm -Pf ${random_file}
+       rm -Pf "${random_file}"
 
-       if ! fs_safe $(dirname ${random_file}); then
+       if ! fs_safe "${random_file}"; then
                return 1
        fi
 
-       if rndctl -S ${random_file}; then
+       if rndctl -S "${random_file}"; then
                echo "Saved entropy to disk."
        fi
 }
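Review bot: fs_safe is now given `"${random_file}"` two lines after `rm -Pf` has removed that file, so `df -G` is asked about a path that no longer exists; the old code passed the directory, which does exist. If df reports an error for a missing path, fstype comes back empty and, depending on the part of the case statement not shown here, the function probably returns before `rndctl -S` and no seed is saved. Checking the parent directory without dirname keeps the intent of the commit: `if ! fs_safe "${random_file%/*}"; then` (assuming random_file always contains a slash). The function starts outside the hunk.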


