On Sat, Aug 12, 2006 at 10:43:16AM +0200, maximilian attems wrote:
> On Sun, 06 Aug 2006, Lionel Elie Mamane wrote:
>> The generated initramfs is world-readable (as well as the temporary
>> files); this leaks cryptographic keys (in password-protected form) to
>> all users on the system when the root fs is encrypted (because these
>> keys then get copied to the initramfs, at least in the loop-aes
>> case).
> I like the initramfs-tools initrd.img to be debuggable as
> user (quick check of their contents).
> also loop-aes is quite a specific use case,
> so i'm not in big favour of setting the umask in general
> to the proposed value as in general there is no gpg key
> in the initramfs.

Let's do it optionally then. New patch attached.

-- 
Lionel
diff --recursive -u initramfs-tools-0.73e/conf/initramfs.conf initramfs-tools-0.73e.lionel/conf/initramfs.conf --- initramfs-tools-0.73e/conf/initramfs.conf 2006-07-20 20:49:22.000000000 +0200 +++ initramfs-tools-0.73e.lionel/conf/initramfs.conf 2006-08-14 09:23:23.904512135 +0200 @@ -52,3 +52,12 @@ NFSROOT=auto +# +# UMASK: 0nnn +# +# umask applied for temporary files and initramfs; you will probably +# want to tighten it if the initramfs contains secrets such as +# cryptographic keys (e.g. encrypted root). +# +UMASK=0022 + diff --recursive -u initramfs-tools-0.73e/mkinitramfs initramfs-tools-0.73e.lionel/mkinitramfs --- initramfs-tools-0.73e/mkinitramfs 2006-08-13 10:03:36.000000000 +0200 +++ initramfs-tools-0.73e.lionel/mkinitramfs 2006-08-14 09:20:01.766430453 +0200 @@ -98,6 +98,10 @@ usage fi +if [ -n "${UMASK}" ]; then + umask "${UMASK}" +fi + # And by "version" we really mean path to kernel modules # This is braindead, and exists to preserve the interface with mkinitrd if [ ${#} -ne 1 ]; then
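Review bot: in the conf/initramfs.conf hunk, the shipped default "UMASK=0022" reproduces exactly the world-readable image the thread started from, and the comment only says to "tighten it" without naming a value, so an admin with an encrypted root has to guess what to set. Name the restrictive value in the comment (e.g. "+# UMASK=0077 (readable by root only)") and state that the default 0022 leaves the initramfs and temporary files readable by every local user. Also drop the lone "+" line that adds a trailing blank line at the end of the file.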
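Review bot: in the mkinitramfs hunk, `umask "${UMASK}"` is run without validating the value; if the admin mistypes it (e.g. a non-octal digit), umask fails and, unless the script runs with errexit, the build silently continues with the inherited, more permissive umask, which is the opposite of what someone who set UMASK to protect keys expects. Validate and abort instead, for example:
case "${UMASK}" in [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) umask "${UMASK}" ;; *) echo "invalid UMASK: ${UMASK}" >&2; exit 1 ;; esac
Two further caveats worth a comment next to the new lines: umask only affects files created after this point, so the hunk's position after the `usage` check relies on the config having been sourced earlier and on no temporary file being created before line 98, which the shown context does not confirm; and umask never changes the mode of a file that already exists, so an existing 0644 output image opened with `>` keeps its mode.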
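An added example of the mechanism under discussion, not code from initramfs-tools or from the patch: it shows what the proposed UMASK value does to a file a build script creates by redirection (0022 gives a world-readable image, 0077 an owner-only one), validates a UMASK string before handing it to umask, and provides the check an admin would run against an existing image. It works in a throwaway directory from mktemp -d and assumes GNU stat -c; the file name initrd.img-example is constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from initramfs-tools or the patch above.
# Assumes GNU coreutils stat (-c '%a') and mktemp -d; nothing touches /boot.

# valid_umask VALUE: accept three or four octal digits, as umask(1) expects.
valid_umask() {
    case "$1" in
        [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) return 0 ;;
        *) return 1 ;;
    esac
}

# file_mode PATH: print the permission bits of PATH in octal (e.g. 644).
file_mode() {
    stat -c '%a' "$1"
}

# is_private PATH: succeed only if PATH grants nothing to group or other,
# i.e. the last two octal digits of its mode are 00 (0600, 0700, ...).
# This is the check to run against /boot/initrd.img-* when the root fs is
# encrypted and key material ends up inside the image.
is_private() {
    mode=$(file_mode "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# mode_under_umask UMASK DIR: create DIR/initrd.img-example the way a shell
# redirection in a build script would (requested mode 0666) under the given
# umask, and print the resulting mode. The umask is changed in a subshell so
# the caller is unaffected. Any existing file is removed first, because
# umask never alters the mode of a file that already exists.
mode_under_umask() {
    valid_umask "$1" || { echo "invalid UMASK: $1" >&2; return 1; }
    rm -f "$2/initrd.img-example"
    ( umask "$1" && : > "$2/initrd.img-example" ) || return 1
    file_mode "$2/initrd.img-example"
}

# Demonstration: the patch's default 0022 yields a world-readable image,
# 0077 yields one readable by its owner only.
demo() {
    dir=$(mktemp -d) || return 1
    for u in 0022 0077; do
        m=$(mode_under_umask "$u" "$dir") || return 1
        if is_private "$dir/initrd.img-example"; then
            echo "UMASK=$u -> mode $m (private)"
        else
            echo "UMASK=$u -> mode $m (readable by other users)"
        fi
    done
    rm -rf "$dir"
}

demo
```

Because umask only governs files created after it is set, the same point applies to the build script: setting it once before the first temporary file is created covers both the scratch tree and the final image, whereas an image that already exists with 0644 keeps that mode until it is recreated or chmod'ed.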