Bug#381677: initramfs-tools: Temporary files and initramfs world-readable
Package: initramfs-tools
Version: 0.73b
Tags: patch
The generated initramfs is world-readable (as well as the temporary
files); this leaks cryptographic keys (in password-protected form) to
all users on the system when the root fs is encrypted (because these
keys then get copied to the initramfs, at least in the loop-aes
case). See bug #378488 for a discussion of this in the context of
loop-aes.
This patch fixes that. As making these files running user only
readable does not, as far as I can see, hurt even when not strictly
necessary, the patch just does it unconditionnaly.
Please apply (or comment). Thanks.
--
Lionel
diff -uN --recursive initramfs-tools-0.73b/mkinitramfs initramfs-tools-0.73b.lionel/mkinitramfs
--- initramfs-tools-0.73b/mkinitramfs 2006-07-29 13:05:20.000000000 +0200
+++ initramfs-tools-0.73b.lionel/mkinitramfs 2006-08-06 14:44:51.000000000 +0200
@@ -1,6 +1,6 @@
#!/bin/sh
-umask 0022
+umask 0077
# Defaults
keep="n"
Reply to: