On Sun, 06 Aug 2006, Lionel Elie Mamane wrote: > The generated initramfs is world-readable (as well as the temporary > files); this leaks cryptographic keys (in password-protected form) to > all users on the system when the root fs is encrypted (because these > keys then get copied to the initramfs, at least in the loop-aes > case). See bug #378488 for a discussion of this in the context of > loop-aes.
yaird installs initrd.img with 600 without giving any further reasons -> see #336454 no reply from maintainer since bug is filed. > This patch fixes that. As making these files running user only > readable does not, as far as I can see, hurt even when not strictly > necessary, the patch just does it unconditionnaly. > > > Please apply (or comment). Thanks. i'd have waited for someone else to voice there concerns. i like the initramfs-tools initrd.img to be debuggable as user (quick check of their contents). also loop-aes is quite a specific use case, so i'm not in big favour of setting the umask in general to the proposed value as in general there is no gpg key in the initramfs. -- maks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
