From ba4e5c0004aa2c7ed1ab69d497f54e1b770581db Mon Sep 17 00:00:00 2001
From: Colin Guthrie <colin@mageia.org>
Date: Sun, 27 Jan 2013 10:06:46 +0000
Subject: Fix permissions on written initrd's

This fixes a potential leakage of sensitive information in the initrd
to non-root local users.
---
 scripts/remove-boot-splash | 1 +
 1 file changed, 1 insertion(+)

(limited to 'scripts/remove-boot-splash')

diff --git a/scripts/remove-boot-splash b/scripts/remove-boot-splash
index 058b60b..39db143 100755
--- a/scripts/remove-boot-splash
+++ b/scripts/remove-boot-splash
@@ -67,6 +67,7 @@ rm -rf \
   $tmp_dir/plymouth/etc/splashy \
   $tmp_dir/plymouth/usr/share/splashy
 
+umask 077
 find . | \
   cpio -R 0:0 -H newc -o --quiet | \
   $COMPRESS > $tmp_dir/initrd  || clean_and_fail
-- 
cgit v1.2.1