Bug#381677: initramfs-tools: Temporary files and initramfs world-readable

To: Lionel Elie Mamane <lionel@mamane.lu>
Cc: maximilian attems <maks@sternwelten.at>, 381677@bugs.debian.org
Subject: Bug#381677: initramfs-tools: Temporary files and initramfs world-readable
From: Max Vozeler <max@nusquama.org>
Date: Tue, 12 Sep 2006 20:16:31 +0200
Message-id: <[🔎] 20060912201631.2dfe573d@localhost>
Reply-to: Max Vozeler <max@nusquama.org>, 381677@bugs.debian.org
In-reply-to: <[🔎] 20060912143307.GA27761@capsaicin.mamane.lu>
References: <20060806130659.GA6798@bagnat.mamane.lu> <20060812084316.GH24632@nancy> <20060812133942.aa7ebc96.dr@jones.dk> <20060813092602.GC6205@nancy> <20060813121313.75e0b3cd.dr@jones.dk> <20060813143457.GD4868@baikonur.stro.at> <20060814013428.88535ad7.dr@jones.dk> <20060814131139.GG4868@baikonur.stro.at> <[🔎] 20060912050420.GB10337@capsaicin.mamane.lu> <[🔎] 20060912140620.GC15884@nancy> <[🔎] 20060912143307.GA27761@capsaicin.mamane.lu>

Hi all,

On Tue, 12 Sep 2006 16:33:07 +0200, Lionel Elie Mamane wrote:
> > what you want is a conf dir for build specific package specific
> > settings.
> 
> Actually, if we look at the details, I'm not sure the loopaes-utils
> package should unconditionally set the umask of initramfs-tools, as
> a significant portion of the users may have the package installed,
> but not an encrypted _root_ filesystem. So in the best case, we would
> want the loopaes hooks to be able to decide whether they touch the
> umask or not at runtime (runtime = building the initramfs), but this
> seems difficult at best. So, I suppose that the next best thing would
> be to give the _administrator_ a way to change the umask. But that's
> up to the maintainer of loopaes-utils, naturally.

The hook could still abort if it detects an encrypted root 
filesystem with a too permissive setting of UMASK, no? If it
can do that, I think relying on the admin to configure it
appropriately before it'll work would be reasonable.

A configuration directory like the mkinitramfs.d maks described
would still be very useful for setting up encrypted root on 
loop-AES from inside d-i (partman-crypto) though, as we will
need to take care of configuration there and set UMASK=077 
before the first initrd gets created.

cheers,
Max

Reply to:

Follow-Ups:
- Bug#381677: initramfs-tools: Temporary files and initramfs world-readable
  - From: maximilian attems <maks@sternwelten.at>

References:
- Bug#381677: initramfs-tools: Temporary files and initramfs world-readable
  - From: Lionel Elie Mamane <lionel@mamane.lu>
- Bug#381677: initramfs-tools: Temporary files and initramfs world-readable
  - From: maximilian attems <maks@sternwelten.at>
- Bug#381677: initramfs-tools: Temporary files and initramfs world-readable
  - From: Lionel Elie Mamane <lionel@mamane.lu>

Prev by Date: Bug#387168: Missing SATA support for VIA VT8251 based boards
Next by Date: Processed: 2.6.15 bugs
Previous by thread: Bug#381677: initramfs-tools: Temporary files and initramfs world-readable
Next by thread: Bug#381677: initramfs-tools: Temporary files and initramfs world-readable
Index(es):
- Date
- Thread