
Bug#381677: marked as done (initramfs-tools: Temporary files and initramfs world-readable)



Your message dated Mon, 13 Nov 2006 23:32:09 -0800
with message-id <E1Gjsm9-0006Xe-FJ@spohr.debian.org>
and subject line Bug#381677: fixed in initramfs-tools 0.85b
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: initramfs-tools
Version: 0.73b
Tags: patch

The generated initramfs is world-readable (as well as the temporary
files); this leaks cryptographic keys (in password-protected form) to
all users on the system when the root fs is encrypted (because these
keys then get copied to the initramfs, at least in the loop-aes
case). See bug #378488 for a discussion of this in the context of
loop-aes.

This patch fixes that. As making these files running user only
readable does not, as far as I can see, hurt even when not strictly
necessary, the patch just does it unconditionally.


Please apply (or comment). Thanks.


-- 
Lionel
diff -uN --recursive initramfs-tools-0.73b/mkinitramfs initramfs-tools-0.73b.lionel/mkinitramfs
--- initramfs-tools-0.73b/mkinitramfs	2006-07-29 13:05:20.000000000 +0200
+++ initramfs-tools-0.73b.lionel/mkinitramfs	2006-08-06 14:44:51.000000000 +0200
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-umask 0022
+umask 0077
 
 # Defaults
 keep="n"
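
Review bot: the new `umask 0077` line carries no comment saying why it is this restrictive, so a later cleanup could relax it back to 0022 without noticing the consequence. Suggest a one-line comment above it noting that the initramfs and its temporary files may contain key material (the loop-aes case from the report). Also note that umask only applies to files created after this line runs: an image already on disk with its old mode, or any output path that is rewritten in place rather than created fresh, keeps its previous permissions, so the script's handling of an existing output file should be checked alongside this change.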

--- End Message ---
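
The effect of the one-line umask change in the report above, and one case it does not cover, as an added example that is not part of the original report or of initramfs-tools. The function names and the `initrd.img-*` file pattern are assumptions, GNU `stat` and `find` are assumed, and the sample files are constructed in a scratch directory.

```shell
#!/bin/sh
# Added example, not part of initramfs-tools. Assumes GNU stat and find.

# mode_of_new_file UMASK PATH: create PATH with a shell redirect under UMASK
# (in a subshell, so the caller's umask is untouched) and print its octal mode.
mode_of_new_file() {
    ( umask "$1" && rm -f "$2" && : > "$2" && stat -c '%a' "$2" )
}

# mode_after_rewrite PATH: rewrite an existing PATH in place under umask 0077
# and print its mode. The mode does not change: umask applies at creation only.
mode_after_rewrite() {
    ( umask 0077 && echo data > "$1" && stat -c '%a' "$1" )
}

# list_exposed DIR [GLOB]: print regular files directly in DIR matching GLOB
# (default: initrd.img-*, an assumed naming pattern) that are readable by
# group or by others.
list_exposed() {
    find "$1" -maxdepth 1 -type f -name "${2:-initrd.img-*}" \
        \( -perm -040 -o -perm -004 \) -print
}

# Demonstration on constructed files in a private scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    echo "new file, umask 0022: $(mode_of_new_file 0022 "$d/initrd.img-old")"
    echo "new file, umask 0077: $(mode_of_new_file 0077 "$d/initrd.img-new")"
    echo "rewritten in place:   $(mode_after_rewrite "$d/initrd.img-old")"
    echo "still exposed:"
    list_exposed "$d"
    rm -rf "$d"
}

demo
```

Running `list_exposed /boot` after upgrading shows any images generated before the fix that still need to be regenerated or have their mode tightened.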
--- Begin Message ---
Source: initramfs-tools
Source-Version: 0.85b

We believe that the bug you reported is fixed in the latest version of
initramfs-tools, which is due to be installed in the Debian FTP archive:

initramfs-tools_0.85b.dsc
  to pool/main/i/initramfs-tools/initramfs-tools_0.85b.dsc
initramfs-tools_0.85b.tar.gz
  to pool/main/i/initramfs-tools/initramfs-tools_0.85b.tar.gz
initramfs-tools_0.85b_all.deb
  to pool/main/i/initramfs-tools/initramfs-tools_0.85b_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 381677@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
maximilian attems <maks@sternwelten.at> (supplier of updated initramfs-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 14 Nov 2006 08:06:40 +0100
Source: initramfs-tools
Binary: initramfs-tools
Architecture: source all
Version: 0.85b
Distribution: unstable
Urgency: medium
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: maximilian attems <maks@sternwelten.at>
Description: 
 initramfs-tools - tools for generating an initramfs
Closes: 381677 397787
Changes: 
 initramfs-tools (0.85b) unstable; urgency=medium
 .
   * mkinitramfs: Test for ${outfile} before touching anything. (closes: 381677)
 .
   * update-initramfs.conf, update-initramfs: Allow to disable backup strategy.
     While we are it fix logic of backup_booted_initramfs(). (closes: 397787)
     urgency medium.
 .
   * scripts/init-top/framebuffer: Fix regression of /dev/fb0 creation,
     modprobe fb before creating device. Thanks to Otavio Salvador
     <otavio@debian.org> for patch.
Files: 
 18bf164dfbb980dbfffcdb7c57197724 625 utils optional initramfs-tools_0.85b.dsc
 ba62b067470c98caad17f4b945e6825b 54533 utils optional initramfs-tools_0.85b.tar.gz
 270153a3824f13ea858f9b39889dd814 61382 utils optional initramfs-tools_0.85b_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFWW0ZLqiZQEml+FURAnqVAKCKo+zrCsyRKAoMq618hJkA2U1+2ACfcJoF
ghLaiYB0As2eEvF3HqKd/po=
=qn1Z
-----END PGP SIGNATURE-----


--- End Message ---
