On Wed, Jul 3, 2019 at 6:07 PM Jonathan Carter <j...@debian.org> wrote:
>
> Hi
>
> I need some help regarding a security issue that surfaced yesterday that
> affects buster.
>
> Using the Calamares installer and full-disk encryption, sensitive
> information is stored in the initramfs, which is world readable:
>
> https://github.com/calamares/calamares/issues/1191
>
> I just took a quick glance through the update-initramfs man pages and
> couldn't find anything specific for setting the initramfs permissions.

According to the latest LUKS for rootfs guide [1], you can append
"UMASK=0077" to /etc/initramfs-tools/initramfs.conf.

[1] https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1
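
A check for the condition discussed in this thread, as an added example that is not part of either message or of initramfs-tools: it tests whether the config file sets a umask that strips group/other access and lists initramfs images that are still world readable. The function names, the `initrd.img-*` file pattern and the default `/boot` directory are assumptions of this example; only the single config file named above is inspected.

```shell
#!/bin/sh
# Added example: audit initramfs exposure. Function names are hypothetical.

# umask_is_private CONF
# Succeeds if the last uncommented UMASK= assignment in CONF ends in "77",
# i.e. new images get no group/other permissions (0077, 077).
umask_is_private() {
    u_conf=$1
    [ -r "$u_conf" ] || return 1
    u_val=$(sed -n 's/^[[:space:]]*UMASK="\{0,1\}\([0-7][0-7]*\).*$/\1/p' \
        "$u_conf" | tail -n 1)
    [ -n "$u_val" ] || return 1
    case $u_val in
        *77) return 0 ;;
        *)   return 1 ;;
    esac
}

# exposed_images BOOTDIR
# Prints every initrd image in BOOTDIR that has the other-read bit set.
exposed_images() {
    find "$1" -maxdepth 1 -type f -name 'initrd.img-*' -perm -004 \
        2>/dev/null | sort
}

# audit_initramfs [CONF] [BOOTDIR]
# Prints one line per finding; returns 0 only if nothing was found.
audit_initramfs() {
    a_conf=${1:-/etc/initramfs-tools/initramfs.conf}
    a_boot=${2:-/boot}
    a_rc=0
    if ! umask_is_private "$a_conf"; then
        echo "WEAK-UMASK: $a_conf does not set UMASK=0077"
        a_rc=1
    fi
    a_exposed=$(exposed_images "$a_boot")
    if [ -n "$a_exposed" ]; then
        echo "$a_exposed" | sed 's/^/WORLD-READABLE: /'
        a_rc=1
    fi
    return $a_rc
}
```

Run `audit_initramfs` with no arguments to check the default locations. The umask only applies to images generated after the setting is in place, so a `WORLD-READABLE` finding on a system with the setting means the image has to be regenerated (`update-initramfs -u -k all`).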