
Bug#381677: initramfs-tools: Temporary files and initramfs world-readable



On Sat, 12 Aug 2006, Jonas Smedegaard wrote:

> On Sat, 12 Aug 2006 10:43:16 +0200 maximilian attems wrote:
> 
> > yaird installs initrd.img with 600 without giving any further
> > reasons -> see #336454
> > no reply from maintainer since bug was filed.
> 
> Acknowledged - that bug lacks a response from me.
> 
> But why bring that up here? Is the lack of response in a yaird bugreport
> somehow proof of the opposite in initramfs-tools being correct?

no,
i was in search of a justification for the 0600 yaird behaviour.
 
 
> But whatever - let's discuss yaird in this initramfs-tools bugreport.
> 
> yaird runs as root, and collects info from several places, some of
> which may be readable only as root. It then stores that collected info
> in a newly created file. As a precaution, this newly created file is
> created only accessible by root, so as to not accidentally leak info.

please specify the info:
i'm not 100% familiar with yaird code, so i'd be happy to know which
only root readable part might get exposed?
 
> For yaird, this mostly works well. One situation that I am aware of is
> the use of ramdisks for diskless environments like lessdisks (see
> bug#336518 where access rights are also - lightly - discussed).

hmm indeed netboot should be supported out of the box,
that is a counterarg.

thanks for your quick response.
 
-- 
maks
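
The precaution discussed in this thread (an image assembled by root from root-only sources is created readable by root alone) can be illustrated with the shell sketch below. It is an added example, not part of the original message and not code from yaird or initramfs-tools; the function names `write_private_image` and `list_exposed_images` and all paths are hypothetical.

```shell
#!/bin/sh
# Added illustration: hypothetical helper names, constructed sample data.

# write_private_image DEST
# Copy stdin to DEST so that the data is never readable by group or other,
# not even while the file is still being written.
write_private_image() {
    dest=$1
    dir=$(dirname "$dest")
    (
        umask 077                                  # anything created here is 0600
        # Temporary file in the destination directory, so the final mv is a
        # rename on the same filesystem and keeps the restrictive mode.
        tmp=$(mktemp "$dir/.initrd.XXXXXX") || exit 1
        trap 'rm -f "$tmp"' EXIT                   # no stray temp file on failure
        cat > "$tmp" || exit 1
        chmod 600 "$tmp"                           # explicit, independent of umask
        mv -f "$tmp" "$dest"
    )
}

# list_exposed_images DIR
# Print the initrd images directly in DIR that group or other can read.
list_exposed_images() {
    find "$1" -maxdepth 1 -type f -name 'initrd.img*' \
        \( -perm -040 -o -perm -004 \) -print | sort
}

# Demonstration on a throwaway directory standing in for /boot.
demo() {
    boot=$(mktemp -d) || return 1
    # Constructed "before" case: image written under a typical 022 umask (0644).
    ( umask 022; echo 'constructed payload' > "$boot/initrd.img-old" )
    # Same payload written through the restrictive path (0600).
    echo 'constructed payload' | write_private_image "$boot/initrd.img-new"
    echo "readable by group/other:"
    list_exposed_images "$boot"                    # lists only initrd.img-old
    rm -rf "$boot"
}
demo
```

As the lessdisks case quoted above shows, a 0600 image cannot be read by an unprivileged service that has to serve it to netboot clients, so the mode is a trade-off and not a universal default.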


