Package: initramfs-tools
Version: 0.73b
Tags: patch

The generated initramfs is world-readable (as well as the temporary files); this leaks cryptographic keys (in password-protected form) to all users on the system when the root fs is encrypted (because these keys then get copied to the initramfs, at least in the loop-aes case). See bug #378488 for a discussion of this in the context of loop-aes.

This patch fixes that. As making these files running user only readable does not, as far as I can see, hurt even when not strictly necessary, the patch just does it unconditionally. Please apply (or comment). Thanks.

--
Lionel

diff -uN --recursive initramfs-tools-0.73b/mkinitramfs initramfs-tools-0.73b.lionel/mkinitramfs --- initramfs-tools-0.73b/mkinitramfs 2006-07-29 13:05:20.000000000 +0200 +++ initramfs-tools-0.73b.lionel/mkinitramfs 2006-08-06 14:44:51.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/sh -umask 0022 +umask 0077 # Defaults keep="n"
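
Review bot: the umask 0077 line at the top of mkinitramfs only governs files the script creates from that point on; umask does not change the mode of a file that already exists, so images generated before this change (and an output file that is rewritten in place, if the script does that) keep their old world-readable mode. Consider an explicit chmod on the output image, or a note that existing images must be regenerated or have their permissions tightened. A one-line comment above "umask 0077" saying that the image may contain key material would also help keep it from being relaxed back to 0022 later.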
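
An added example, not part of the original report or of initramfs-tools: a check for images that group or other can still read, plus a demonstration that a restrictive umask leaves the mode of an already existing file unchanged. It assumes GNU find and stat; the file name patterns and function names are assumptions, and the demo runs on a constructed temporary directory standing in for /boot.

```shell
#!/bin/sh
# Added example (not part of initramfs-tools). Assumes GNU find and stat.
# Image name patterns are assumptions based on Debian-style naming.

# Print "MODE PATH" for each image in directory $1 that group or other can read.
list_exposed_images() {
    find "$1" -maxdepth 1 -type f \
        \( -name 'initrd.img-*' -o -name 'initramfs-*' \) \
        -perm /044 -exec stat -c '%a %n' {} +
}

# Remove all group/other access from the images that list_exposed_images finds.
restrict_images() {
    find "$1" -maxdepth 1 -type f \
        \( -name 'initrd.img-*' -o -name 'initramfs-*' \) \
        -perm /044 -exec chmod go-rwx {} +
}

# Truncate and rewrite file $2 under umask $1, then print its mode.
# Constructed stand-in for a build step that writes its output in place.
rewrite_in_place() {
    ( umask "$1" && : > "$2" )
    stat -c '%a' "$2"
}

# Demo on a constructed directory standing in for /boot.
demo() {
    d=$(mktemp -d) || return 1
    ( umask 0022 && : > "$d/initrd.img-old" )   # image from before the fix
    echo "old image rewritten under 0077: $(rewrite_in_place 0077 "$d/initrd.img-old")"
    echo "new image created under 0077:   $(rewrite_in_place 0077 "$d/initrd.img-new")"
    echo "still exposed:"
    list_exposed_images "$d"
    restrict_images "$d"
    echo "exposed after chmod: $(list_exposed_images "$d" | wc -l)"
    rm -rf "$d"
}
demo
```

On a real system the directory argument would be wherever the images are stored, and restrict_images needs to run as the owner of the files or as root.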