diff options
| author | Colin Guthrie <colin@mageia.org> | 2013-01-27 10:06:46 +0000 |
|---|---|---|
| committer | Colin Guthrie <colin@mageia.org> | 2013-01-27 10:06:46 +0000 |
| commit | ba4e5c0004aa2c7ed1ab69d497f54e1b770581db (patch) | |
| tree | 6801e5d019d03094eed46968def4309b57fc8ad6 | |
| parent | 2fc9ca296692b3c8b5e83e0a25b930841db94381 (diff) | |
| download | bootsplash-ba4e5c0004aa2c7ed1ab69d497f54e1b770581db.tar bootsplash-ba4e5c0004aa2c7ed1ab69d497f54e1b770581db.tar.gz bootsplash-ba4e5c0004aa2c7ed1ab69d497f54e1b770581db.tar.bz2 bootsplash-ba4e5c0004aa2c7ed1ab69d497f54e1b770581db.tar.xz bootsplash-ba4e5c0004aa2c7ed1ab69d497f54e1b770581db.zip | |
Fix permissions on written initrd's
This fixes a potential leakage of sensitive information in the initrd
to non-root local users.
| -rwxr-xr-x | scripts/make-boot-splash-raw | 2 | ||||
| -rwxr-xr-x | scripts/remove-boot-splash | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/scripts/make-boot-splash-raw b/scripts/make-boot-splash-raw index 74a65eb..dcafb88 100755 --- a/scripts/make-boot-splash-raw +++ b/scripts/make-boot-splash-raw @@ -55,6 +55,7 @@ if [ -n "$CPIO" ]; then rm -rf $tmp_dir/plymouth/usr/share/plymouth/themes /usr/libexec/plymouth/plymouth-populate-initrd -t . || clean_and_fail + umask 077 find . | \ cpio -R 0:0 -H newc -o --quiet | \ $COMPRESS > $tmp_dir/initrd || clean_and_fail @@ -74,6 +75,7 @@ else rc=$? umount $tmp_dir 2>/dev/null [ $rc -ne 0 ] && clean_and_fail + umask 077 gzip -9 -c $tmp_initrd > $initrd_file.tmp 2>/dev/null || clean_and_fail mv -f $initrd_file.tmp $initrd_file fi diff --git a/scripts/remove-boot-splash b/scripts/remove-boot-splash index 058b60b..39db143 100755 --- a/scripts/remove-boot-splash +++ b/scripts/remove-boot-splash @@ -67,6 +67,7 @@ rm -rf \ $tmp_dir/plymouth/etc/splashy \ $tmp_dir/plymouth/usr/share/splashy +umask 077 find . | \ cpio -R 0:0 -H newc -o --quiet | \ $COMPRESS > $tmp_dir/initrd || clean_and_fail |