From ba4e5c0004aa2c7ed1ab69d497f54e1b770581db Mon Sep 17 00:00:00 2001
From: Colin Guthrie <colin@mageia.org>
Date: Sun, 27 Jan 2013 10:06:46 +0000
Subject: Fix permissions on written initrd's

This fixes a potential leakage of sensitive information in the initrd
to non-root local users.
---
 scripts/make-boot-splash-raw | 2 ++
 scripts/remove-boot-splash   | 1 +
 2 files changed, 3 insertions(+)

diff --git a/scripts/make-boot-splash-raw b/scripts/make-boot-splash-raw
index 74a65eb..dcafb88 100755
--- a/scripts/make-boot-splash-raw
+++ b/scripts/make-boot-splash-raw
@@ -55,6 +55,7 @@ if [ -n "$CPIO" ]; then
 	rm -rf $tmp_dir/plymouth/usr/share/plymouth/themes
 	/usr/libexec/plymouth/plymouth-populate-initrd -t . || clean_and_fail
 
+	umask 077
 	find . | \
 		cpio -R 0:0 -H newc -o --quiet | \
 		$COMPRESS > $tmp_dir/initrd  || clean_and_fail
@@ -74,6 +75,7 @@ else
 	rc=$?
 	umount $tmp_dir 2>/dev/null
 	[ $rc -ne 0 ] && clean_and_fail
+	umask 077
 	gzip -9 -c $tmp_initrd > $initrd_file.tmp 2>/dev/null || clean_and_fail
 	mv -f $initrd_file.tmp $initrd_file
     fi
diff --git a/scripts/remove-boot-splash b/scripts/remove-boot-splash
index 058b60b..39db143 100755
--- a/scripts/remove-boot-splash
+++ b/scripts/remove-boot-splash
@@ -67,6 +67,7 @@ rm -rf \
   $tmp_dir/plymouth/etc/splashy \
   $tmp_dir/plymouth/usr/share/splashy
 
+umask 077
 find . | \
   cpio -R 0:0 -H newc -o --quiet | \
   $COMPRESS > $tmp_dir/initrd  || clean_and_fail
-- 
cgit v1.2.1