
Bug#381677: initramfs-tools: Temporary files and initramfs world-readable



On Sat, 12 Aug 2006 10:43:16 +0200 maximilian attems wrote:

> On Sun, 06 Aug 2006, Lionel Elie Mamane wrote:
> 
> > The generated initramfs is world-readable (as well as the temporary
> > files); this leaks cryptographic keys (in password-protected form)
> > to all users on the system when the root fs is encrypted (because
> > these keys then get copied to the initramfs, at least in the
> > loop-aes case). See bug #378488 for a discussion of this in the
> > context of loop-aes.
> 
> yaird installs initrd.img with 600 without giving any further
> reasons -> see #336454
> no reply from maintainer since bug is filed.

Acknowledged - that bug lacks a response from me.

But why bring that up here? Is the lack of response in a yaird bug report
somehow proof of the opposite, i.e. of initramfs-tools being correct?


But whatever - let's discuss yaird in this initramfs-tools bugreport.

yaird runs as root, and collects info from several places, some of
which may be readable only as root. It then stores that collected info
in a newly created file. As a precaution, this newly created file is
created only accessible by root, so as to not accidentally leak info.

For yaird, this mostly works well. One situation that I am aware of is
the use of ramdisks for diskless environments like lessdisks (see
bug#336518, where access rights are also - lightly - discussed).

Bug#336454 is still open, as it is indeed an open issue what the
"correct" permissions of initrd images are, and yaird is controversial in
this area (as well as in other ones!).


 - Jonas

-- 
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

 - Enden er nær: http://www.shibumi.org/eoti.htm

Attachment: pgphw11ha9iw2.pgp
Description: PGP signature


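The two halves of the issue discussed above are (a) creating the image file so it is never readable by anyone but root, whatever the generator's umask happens to be, and (b) auditing an existing /boot for images that already leak. The following is an added illustration of both, written for this page; it is not code from yaird or initramfs-tools. The function names, the "initrd.img" name prefix and the sample files built in a temporary directory are assumptions made for the example.

```python
import os
import stat
import tempfile

# Permission bits that would let a non-owner read the image (and therefore
# any key material copied into it).
_LEAK_BITS = stat.S_IRGRP | stat.S_IROTH


def create_private_file(path: str, data: bytes) -> int:
    """Create `path` readable and writable only by its owner.

    The mode argument to os.open() is still masked by the process umask, so
    fchmod() is applied on the open descriptor to enforce 0600 explicitly.
    O_EXCL refuses to follow a pre-planted symlink or overwrite an existing
    file, which avoids the window a "create, then chmod" sequence leaves.
    Returns the resulting permission bits.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)
        os.write(fd, data)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.lstat(path).st_mode)


def world_readable(directory: str, prefix: str = "initrd.img") -> list:
    """Return names under `directory` starting with `prefix` that grant read
    permission to group or others (lstat, so symlinks are not followed)."""
    offenders = []
    for name in sorted(os.listdir(directory)):
        if not name.startswith(prefix):
            continue
        st = os.lstat(os.path.join(directory, name))
        if stat.S_ISREG(st.st_mode) and st.st_mode & _LEAK_BITS:
            offenders.append(name)
    return offenders


def demo_audit() -> tuple:
    """Build a constructed /boot-like directory with one image created
    privately and one left world-readable, then audit it.

    Returns (mode of the private image, list of leaking image names).
    """
    boot = tempfile.mkdtemp(prefix="boot-")
    private_mode = create_private_file(
        os.path.join(boot, "initrd.img-private"), b"constructed image data"
    )
    leaky = os.path.join(boot, "initrd.img-leaky")
    with open(leaky, "wb") as fh:
        fh.write(b"constructed image data")
    os.chmod(leaky, 0o644)          # the default many generators end up with
    # A non-image file with loose permissions must not be reported.
    other = os.path.join(boot, "vmlinuz-example")
    with open(other, "wb") as fh:
        fh.write(b"not an initrd")
    os.chmod(other, 0o644)
    return private_mode, world_readable(boot)


if __name__ == "__main__":
    mode, leaks = demo_audit()
    print("private image mode: %o" % mode)
    print("world-readable images:", leaks)
```

The distinction between the two approaches matters in practice: a generator that writes the image with the inherited umask and fixes permissions afterwards leaves a window in which the file is readable, while creating it with 0600 from the start never exposes the contents. Note that the audit only catches the final image; the temporary files mentioned in the report need the same treatment in whatever directory the generator unpacks into.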