On Sat, 12 Aug 2006 10:43:16 +0200 maximilian attems wrote: > On Sun, 06 Aug 2006, Lionel Elie Mamane wrote: > > > The generated initramfs is world-readable (as well as the temporary > > files); this leaks cryptographic keys (in password-protected form) > > to all users on the system when the root fs is encrypted (because > > these keys then get copied to the initramfs, at least in the > > loop-aes case). See bug #378488 for a discussion of this in the > > context of loop-aes. > > yaird installs initrd.img with 600 without giving any further > reasons -> see #336454 > no reply from maintainer since bug is filed. Acknowledged - that bug lack response from me. But why bring that up here? Is the lack of response in a yaird bugreport somehow proof of the opposite in intramfs-tools being correct? But whatever - let's discuss yaird in this initramfs-tools bugreport. yaird runs as root, and collects info from several places, some of which may be readable only as root. It then stores that collected info in a newly created file. As a precaution, this newly created file is created only accessible by root, so as to not accidentally leak info. For yaird, this mostly works well. One situation that I am aware of is the use of ramdisks for diskless environments like lessdisks (see bug#336518 where access rights is also - lightly - discussed). Bug#336454 is still open as it indeed is an open issue what is the "correct" permissions of initrd images, and yaird is controversial in this area (as well as in other ones!). - Jonas -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ - Enden er nær: http://www.shibumi.org/eoti.htm
Attachment:
pgpMqcLAuDBW7.pgp
Description: PGP signature