Package: initramfs-tools
Version: 0.131ubuntu8
Severity: normal
Tags: security

I have a fully encrypted (UEFI, LUKS, BTRFS) system, and in order to avoid typing the password for the second time after GRUB2, I added the `keyscript` option to `/etc/crypttab`. The keyscript file is only readable by root; however, the resulting `initrd.img*` file is readable by anyone, which I think is a security issue. I'd like the `initrd.img*` files to also be readable by the root user only.

-- Package-specific info:
-- initramfs sizes
-rw-r--r-- 1 root root 53M Aug 11 19:50 /boot/initrd.img-4.17.0-5-generic
-rw-r--r-- 1 root root 53M Aug 11 19:49 /boot/initrd.img-4.17.0-6-generic
-rw-r--r-- 1 root root 53M Aug 11 19:49 /boot/initrd.img-4.17.0-7-generic
-- /proc/cmdline
BOOT_IMAGE=/root/boot/vmlinuz-4.17.0-5-generic root=UUID=5170aca4-061a-4c6c-ab00-bd7fc8ae6030 ro rootflags=subvol=root nosplash intel_pstate=disable scsi_mod.use_blk_mq=1 intel_iommu=on i915.fastboot=1
-- /etc/crypttab
# <target name> <source device> <key file> <options>
system UUID=739967f1-9770-470a-a031-8d8b8bcdb350 none luks,discard,keyscript=/etc/cryptroot/system.64.sh

-- System Information:
Debian Release: buster/sid
APT prefers cosmic-proposed
APT policy: (500, 'cosmic-proposed'), (500, 'cosmic')
Architecture: amd64 (x86_64)
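
An added example, not part of the original report or of initramfs-tools: a shell check for the condition the report describes, where a crypttab references a keyscript or key file while an `initrd.img*` image is world-readable. The function names are hypothetical, and the crypttab path and boot directory are passed as arguments.

```shell
#!/bin/sh
# Added example: flag world-readable initramfs images when crypttab
# references key material that may be copied into the image.

# Print each key file or keyscript path referenced by the crypttab in $1.
crypttab_key_refs() {
    # Fields: <target name> <source device> <key file> <options>
    while read -r target source keyfile options; do
        case "$target" in ''|'#'*) continue ;; esac
        # "none" and "-" mean no key file; /dev/* sources are not stored secrets.
        case "$keyfile" in
            ''|none|-|/dev/*) ;;
            *) printf '%s\n' "$keyfile" ;;
        esac
        # Options are comma-separated; pick out keyscript=<path>.
        old_ifs=$IFS; IFS=,
        for opt in $options; do
            case "$opt" in
                keyscript=*) printf '%s\n' "${opt#keyscript=}" ;;
            esac
        done
        IFS=$old_ifs
    done < "$1"
}

# Print initrd images directly under $1 that have the other-read bit set.
world_readable_initrds() {
    find "$1" -maxdepth 1 -type f -name 'initrd.img*' -perm -004 | sort
}

# Return 1 and print details when key material is referenced in crypttab $1
# and at least one image in boot directory $2 is world-readable; else 0.
audit_initrd_exposure() {
    refs=$(crypttab_key_refs "$1")
    [ -n "$refs" ] || return 0
    exposed=$(world_readable_initrds "$2")
    [ -n "$exposed" ] || return 0
    printf 'key material referenced in %s:\n%s\n' "$1" "$refs"
    printf 'world-readable images:\n%s\n' "$exposed"
    return 1
}

# Usage: sh audit.sh /etc/crypttab /boot
if [ "$#" -eq 2 ]; then
    audit_initrd_exposure "$1" "$2"
fi
```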

