Bug#381677: initramfs-tools: Temporary files and initramfs world-readable

[Lionel Elie Mamane <lionel@mamane.lu>]

On Mon, Aug 14, 2006 at 01:26:50PM +0200, Max Vozeler wrote:
> On Mon, Aug 14, 2006 at 09:26:04AM +0200, Lionel Elie Mamane wrote:
>> On Sat, Aug 12, 2006 at 10:43:16AM +0200, maximilian attems wrote:

>>> also loop-aes is quite a specific use case, so i'm not in big
>>> favour of setting the umask in general to the proposed value as in
>>> general there is no gpg key in the initramfs.

>> Let's do it optionally then. New patch attached.

> There is "touch $2" in getopt parsing of the -o <file> option, which
> can create the file before the umask setting takes effect.  I think
> we'd need to move the touch/readlink out of getopt to after the
> umask setting, like attached (untested).
> --- mkinitramfs.orig	2006-08-14 13:21:20.000000000 +0200
> +++ mkinitramfs	2006-08-14 13:22:58.000000000 +0200
> @@ -28,8 +28,7 @@
>  		fi
>  		;;
>  	-o)
> -		touch $2
> -		outfile="$(readlink -f "$2")"
> +		outfile="$2"
>  		shift 2
>  		;;
>  	-k)
> @@ -95,6 +94,13 @@
>  	fi
>  done
>  
> +if [ -n "${UMASK}" ]; then
> +	umask "${UMASK}"
> +fi
> +
> +touch $outfile
> +outfile="$(readlink -f "$outfile")"
> +
>  if [ -z "${outfile}" ]; then
>  	usage
>  fi

The added code block needs to be _after_ the

  if [ -z "${outfile}" ]; then
  	usage
  fi

-- 
Lionel