
Bug#381677: initramfs-tools: Temporary files and initramfs world-readable



Package: initramfs-tools
Version: 0.73b
Tags: patch

The generated initramfs is world-readable (as well as the temporary
files); this leaks cryptographic keys (in password-protected form) to
all users on the system when the root fs is encrypted (because these
keys then get copied to the initramfs, at least in the loop-aes
case). See bug #378488 for a discussion of this in the context of
loop-aes.

This patch fixes that. As making these files running user only
readable does not, as far as I can see, hurt even when not strictly
necessary, the patch just does it unconditionally.


Please apply (or comment). Thanks.


-- 
Lionel
diff -uN --recursive initramfs-tools-0.73b/mkinitramfs initramfs-tools-0.73b.lionel/mkinitramfs
--- initramfs-tools-0.73b/mkinitramfs	2006-07-29 13:05:20.000000000 +0200
+++ initramfs-tools-0.73b.lionel/mkinitramfs	2006-08-06 14:44:51.000000000 +0200
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-umask 0022
+umask 0077
 
 # Defaults
 keep="n"
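
Review bot: The `umask 0077` at the top of mkinitramfs only governs files the script creates after this line; it does not change the mode of a file that already exists. If the output image is written over an existing world-readable initramfs from an earlier run, that file can keep its old mode, so consider an explicit `chmod 0600` on the output file once it is written, and note that images generated before this change need to be regenerated or chmod'ed by hand. A one-line comment above the umask stating why it is restrictive (the image may contain key material) would help keep it from being relaxed later.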
