
Bug#381677: initramfs-tools: Temporary files and initramfs world-readable



Hi all,

On Mon, Aug 14, 2006 at 09:26:04AM +0200, Lionel Elie Mamane wrote:
> On Sat, Aug 12, 2006 at 10:43:16AM +0200, maximilian attems wrote:
> > also loop-aes is quite a specific use case,
> > so i'm not in big favour of setting the umask in general
> > to the proposed value as in general there is no gpg key
> > in the initramfs.
> 
> Let's do it optionally then. New patch attached.

> --- initramfs-tools-0.73e/mkinitramfs	2006-08-13 10:03:36.000000000 +0200
> +++ initramfs-tools-0.73e.lionel/mkinitramfs	2006-08-14 09:20:01.766430453 +0200
> @@ -98,6 +98,10 @@
>  	usage
>  fi
>  
> +if [ -n "${UMASK}" ]; then
> +	umask "${UMASK}"
> +fi
> +
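Review bot: `UMASK` in the added `if [ -n "${UMASK}" ]` block has no visible default or documentation, and the result of `umask "${UMASK}"` is not checked. If the value is malformed, `umask` fails and the script carries on with the inherited mask, so the image is written with the permissions this option was meant to prevent. Suggest documenting where `UMASK` is meant to be set and aborting on failure, e.g. `umask "${UMASK}" || exit 1`.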

There is "touch $2" in getopt parsing of the -o <file> option,
which can create the file before the umask setting takes effect.
I think we'd need to move the touch/readlink out of getopt to
after the umask setting, like attached (untested).

cheers,
Max
--- mkinitramfs.orig	2006-08-14 13:21:20.000000000 +0200
+++ mkinitramfs	2006-08-14 13:22:58.000000000 +0200
@@ -28,8 +28,7 @@
 		fi
 		;;
 	-o)
-		touch $2
-		outfile="$(readlink -f "$2")"
+		outfile="$2"
 		shift 2
 		;;
 	-k)
@@ -95,6 +94,13 @@
 	fi
 done
 
+if [ -n "${UMASK}" ]; then
+	umask "${UMASK}"
+fi
+
+touch $outfile
+outfile="$(readlink -f "$outfile")"
+
 if [ -z "${outfile}" ]; then
 	usage
 fi
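Review bot: the added `touch $outfile` and `outfile="$(readlink -f "$outfile")"` run before the existing `if [ -z "${outfile}" ]` check, so with an empty `outfile` `touch` is called without an operand and fails before `usage` is reached. `$outfile` is also unquoted in the `touch` line, so a path containing whitespace is split into several operands. Suggest moving both lines below the `-z` check and writing `touch "$outfile"`. Note too that `touch` leaves the mode of an already existing file unchanged, so the new umask only protects an output file that does not exist yet.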
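The ordering problem described in the message above, as an added example that is not part of the original thread or of initramfs-tools. The function names and the `initrd.img` file name are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (constructed): why the output file must be created only
# after the restrictive umask is in effect. All helper names are hypothetical.

mode_of() {
	# Print the octal permission bits of a file (GNU stat assumed).
	stat -c '%a' "$1"
}

create_before_umask() {
	# Order of the unpatched script: the file is touched during option
	# parsing, the umask given in $1 is applied only afterwards.
	(
		dir=$(mktemp -d) || exit 1
		umask 022                  # typical default mask
		touch "$dir/initrd.img"    # created world-readable (0644)
		umask "$1"
		touch "$dir/initrd.img"    # file exists: mode is NOT tightened
		mode_of "$dir/initrd.img"
		rm -rf "$dir"
	)
}

create_after_umask() {
	# Order proposed in the reply: set the umask first, then create.
	(
		dir=$(mktemp -d) || exit 1
		umask 022
		umask "$1"
		touch "$dir/initrd.img"    # created with the restrictive mask
		mode_of "$dir/initrd.img"
		rm -rf "$dir"
	)
}

# Stand-alone run: print both results for a umask of 077.
echo "touch before umask: $(create_before_umask 077)"
echo "touch after umask:  $(create_after_umask 077)"
```

The second `touch` in `create_before_umask` also shows that an output file which already exists keeps its old mode whatever the umask is.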
