authorColin Guthrie <colin@mageia.org>2013-01-27 10:06:46 +0000
committerColin Guthrie <colin@mageia.org>2013-01-27 10:06:46 +0000
commitba4e5c0004aa2c7ed1ab69d497f54e1b770581db (patch)
tree6801e5d019d03094eed46968def4309b57fc8ad6
parent2fc9ca296692b3c8b5e83e0a25b930841db94381 (diff)
Fix permissions on written initrd's
This fixes a potential leakage of sensitive information in the initrd to non-root local users.
-rwxr-xr-xscripts/make-boot-splash-raw2
-rwxr-xr-xscripts/remove-boot-splash1
2 files changed, 3 insertions, 0 deletions
diff --git a/scripts/make-boot-splash-raw b/scripts/make-boot-splash-raw
index 74a65eb..dcafb88 100755
--- a/scripts/make-boot-splash-raw
+++ b/scripts/make-boot-splash-raw
@@ -55,6 +55,7 @@ if [ -n "$CPIO" ]; then
rm -rf $tmp_dir/plymouth/usr/share/plymouth/themes
/usr/libexec/plymouth/plymouth-populate-initrd -t . || clean_and_fail
+ umask 077
find . | \
cpio -R 0:0 -H newc -o --quiet | \
$COMPRESS > $tmp_dir/initrd || clean_and_fail
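Review bot: The added `umask 077` only restricts files this shell creates from that line onward, so it makes `$tmp_dir/initrd` root-only but does not by itself guarantee the mode of the initrd that is finally installed. That step lies outside this hunk; if it copies or redirects into an already existing world-readable image instead of renaming this file over it, the old mode is kept, and an explicit `chmod 0600` on the final path would make the result independent of that. A one-line comment above the new line, such as `# initrd may hold sensitive data; create it readable by root only`, would keep the reason next to the code. The same applies to the identical `umask 077` in the scripts/remove-boot-splash hunk.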
@@ -74,6 +75,7 @@ else
rc=$?
umount $tmp_dir 2>/dev/null
[ $rc -ne 0 ] && clean_and_fail
+ umask 077
gzip -9 -c $tmp_initrd > $initrd_file.tmp 2>/dev/null || clean_and_fail
mv -f $initrd_file.tmp $initrd_file
fi
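Review bot: `umask 077` has no effect here if `$initrd_file.tmp` already exists, for example left behind by an interrupted earlier run. The `>` redirection truncates the existing file and keeps its old mode, and `mv -f` then carries that mode onto `$initrd_file`. Removing the stale file before the `gzip` line (`rm -f "$initrd_file.tmp"`) or setting the mode before the rename (`chmod 0600 "$initrd_file.tmp" || clean_and_fail`) closes that gap. The `else` branch starts outside this hunk, so whether `clean_and_fail` already removes the temporary file cannot be seen from here.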
diff --git a/scripts/remove-boot-splash b/scripts/remove-boot-splash
index 058b60b..39db143 100755
--- a/scripts/remove-boot-splash
+++ b/scripts/remove-boot-splash
@@ -67,6 +67,7 @@ rm -rf \
$tmp_dir/plymouth/etc/splashy \
$tmp_dir/plymouth/usr/share/splashy
+umask 077
find . | \
cpio -R 0:0 -H newc -o --quiet | \
$COMPRESS > $tmp_dir/initrd || clean_and_fail