[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#381677: initramfs-tools: Temporary files and initramfs world-readable

On Sat, 12 Aug 2006, Jonas Smedegaard wrote:

> On Sat, 12 Aug 2006 10:43:16 +0200 maximilian attems wrote:
> > yaird installs initrd.img with 600 without giving any further
> > reasons -> see #336454
> > no reply from maintainer since bug is filed.
> Acknowledged - that bug lack response from me.
> But why bring that up here? Is the lack of response in a yaird bugreport
> somehow proof of the opposite in intramfs-tools being correct?

i was on the search of justification of the 0600 yaird behaviour.
> But whatever - let's discuss yaird in this initramfs-tools bugreport.
> yaird runs as root, and collects info from several places, some of
> which may be readable only as root. It then stores that collected info
> in a newly created file. As a precaution, this newly created file is
> created only accessible by root, so as to not accidentally leak info.

please specify the info:
i'm not 100% familiar with yaird code, so i'd be happy to know which
only root readable part might get exposed?
> For yaird, this mostly works well. One situation that I am aware of is
> the use of ramdisks for diskless environments like lessdisks (see
> bug#336518 where access rights is also - lightly - discussed).

hmm indeed netboot should be supported out of the box,
that is an counterarg.

thanks for your quick response.

Reply to: