[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#381677: initramfs-tools: Temporary files and initramfs world-readable



On Tue, Sep 12, 2006 at 04:06:20PM +0200, maximilian attems wrote:
> On Tue, 12 Sep 2006, Lionel Elie Mamane wrote:
>> On Mon, Aug 14, 2006 at 03:11:39PM +0200, maximilian attems wrote:

>>> I've removed the patch tag, as the proposed patch is nacked,

>> Except as outlined in <[🔎] 20060912045727.GA10337@capsaicin.mamane.lu>,
>> what's wrong with the patch proposed in
>> <20060814112650.GB8810@dp.vpn.nusquama.org> ?

> it adds an config option that has only a small scope to an existing
> conffile.

OK, I understand now.

>>> so we need for your loop-aes pleasure a specific config dir for
>>> mkinitramfs UMASK setting, other packages may want to set
>>> BUSYBOX=yes there or whatever.

>> Aren't /usr/share/initramfs-tools/conf.d/ and/or
>> /etc/initramfs-tools/conf.d/ already such "specific config dir"?

> no they got source inside the initramfs on boot time,

Ah yeah, right.

> what you want is a conf dir for build specific package specific
> settings.

Actually, if we look at the details, I'm not sure the loopaes-utils
package should unconditionally set the umask of initramfs-tools, as
a significant portion of the users may have the package installed,
but not an encrypted _root_ filesystem. So in the best case, we would
want the loopaes hooks to be able to decide whether they touch the
umask or not at runtime (runtime = building the initramfs), but this
seems difficult at best. So, I suppose that the next best thing would
be to give the _administrator_ a way to change the umask. But that's
up to the maintainer of loopaes-utils, naturally.

Max Vozeler? An opinion on that?


-- 
Lionel



Reply to: