
Bug#381677: initramfs-tools: Temporary files and initramfs world-readable



On Sat, Aug 12, 2006 at 10:43:16AM +0200, maximilian attems wrote:
> On Sun, 06 Aug 2006, Lionel Elie Mamane wrote:

>> The generated initramfs is world-readable (as well as the temporary
>> files); this leaks cryptographic keys (in password-protected form) to
>> all users on the system when the root fs is encrypted (because these
>> keys then get copied to the initramfs, at least in the loop-aes
>> case).

> i like the initramfs-tools initrd.img to be debuggable as
> user (quick check of their contents).

> also loop-aes is quite a specific use case,
> so i'm not in big favour of setting the umask in general
> to the proposed value as in general there is no gpg key
> in the initramfs.

Let's do it optionally then. New patch attached.

-- 
Lionel
diff --recursive -u initramfs-tools-0.73e/conf/initramfs.conf initramfs-tools-0.73e.lionel/conf/initramfs.conf
--- initramfs-tools-0.73e/conf/initramfs.conf	2006-07-20 20:49:22.000000000 +0200
+++ initramfs-tools-0.73e.lionel/conf/initramfs.conf	2006-08-14 09:23:23.904512135 +0200
@@ -52,3 +52,12 @@
 
 NFSROOT=auto
 
+#
+# UMASK: 0nnn
+#
+# umask applied for temporary files and initramfs; you will probably
+# want to tighten it if the initramfs contains secrets such as
+# cryptographic keys (e.g. encrypted root).
+#
+UMASK=0022
+
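Review bot: The new UMASK comment in conf/initramfs.conf says "you will probably want to tighten it" but never names a value, and the shipped default UMASK=0022 keeps the image and the temporary files world-readable. A system with an encrypted root therefore stays exposed until the admin works out what to set. Suggest naming the restrictive setting in the comment (for example, "set UMASK=0077 if the initramfs contains key material"). It is also worth noting there that a umask only affects files created after it is set, so an image generated earlier keeps its old mode until its permissions are fixed by hand.
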
diff --recursive -u initramfs-tools-0.73e/mkinitramfs initramfs-tools-0.73e.lionel/mkinitramfs
--- initramfs-tools-0.73e/mkinitramfs	2006-08-13 10:03:36.000000000 +0200
+++ initramfs-tools-0.73e.lionel/mkinitramfs	2006-08-14 09:20:01.766430453 +0200
@@ -98,6 +98,10 @@
 	usage
 fi
 
+if [ -n "${UMASK}" ]; then
+	umask "${UMASK}"
+fi
+
 # And by "version" we really mean path to kernel modules
 # This is braindead, and exists to preserve the interface with mkinitrd
 if [ ${#} -ne 1 ]; then
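
Review bot: The added umask call in mkinitramfs does not check its exit status. A malformed UMASK value in initramfs.conf would leave the inherited umask in force, and the image could still be written world-readable with no warning, unless the script runs under set -e, which these lines do not show. Suggest failing hard, e.g. umask "${UMASK}" || exit 1, preceded by an error message. Also worth confirming that the configuration file is sourced before this point and that no temporary file or directory is created before it; neither is visible in the hunk.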
