Skip to content
Snippets Groups Projects
Commit 27b8dc5b authored by Natanael Copa's avatar Natanael Copa
Browse files

main/mkinitfs: fix permissions of initramfs 

it may contain sensitive information
fixes #11044
parent c467afc6
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch 0 → 100644
+ 26
0
View file @ 27b8dc5b
From 23fe38c883439310ead972e734cba985b7baaf63 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 18 Dec 2019 11:48:14 +0000
Subject: [PATCH] mkinitfs: harden permissions of initramfs
ref https://gitlab.alpinelinux.org/alpine/aports/issues/11044
---
mkinitfs.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mkinitfs.in b/mkinitfs.in
index 8cd3de3..9bd95f9 100755
--- a/mkinitfs.in
+++ b/mkinitfs.in
@@ -153,7 +153,7 @@ initfs_cpio() {
return
fi
rm -f $outfile
- umask 0022
+ umask 0077
(cd "$tmpdir" && find . | sort | cpio --quiet -o -H newc | $comp) > $outfile
}
--
2.24.1
main/mkinitfs/APKBUILD
+ 4
2
View file @ 27b8dc5b
......@@ -2,7 +2,7 @@
pkgname=mkinitfs
pkgver=3.4.3
_ver=${pkgver%_git*}
pkgrel=3
pkgrel=4
pkgdesc="Tool to generate initramfs images for Alpine"
url="https://git.alpinelinux.org/cgit/mkinitfs"
arch="all"
......@@ -19,6 +19,7 @@ source="https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$_ver.tar.xz
0001-nlplug-findfs.c-Explicitly-include-sys-sysmacros.h-d.patch
0001-features-add-af_packet-kernel-module-for-dhcp.patch
0001-Helping-parsing-code-survive-variable-settings-with-.patch
0001-mkinitfs-harden-permissions-of-initramfs.patch
"
build() {
......@@ -34,4 +35,5 @@ package() {
sha512sums="d335a6f58ca38a3cc6dcc560baaabd3ea9522ce25de008eb637f0761db7f783c3b03767ba046c3d34550d1d0741bcc54ad09903b41e79fe408264eadbbc0a457 mkinitfs-3.4.3.tar.xz
6b7c16035181ab96a1d0dad9f31df8d74e6d39db775ce540b2b2efaaa4d918a18f331829f4113bff7a38805f648b7d83b7ec15adaaf78b17c9465dc0a19e8b32 0001-nlplug-findfs.c-Explicitly-include-sys-sysmacros.h-d.patch
2b29aceee789a79c5395e9a4e896aa0561f812420aa98ab9febdca8e1ea34691d2b819a8f0c09e56d198fda587e569ce026bc6aacdb700ea00a91fc08dcd3a05 0001-features-add-af_packet-kernel-module-for-dhcp.patch
2a443d1c45533c39339c5f30c0a0318205f59f2fadf4ce4b3992439cecb9f6f3c2c5d9dbaa1be89b2d09d4ec8876280963f7ea93b68f3a0f26cec99e1028d847 0001-Helping-parsing-code-survive-variable-settings-with-.patch"
2a443d1c45533c39339c5f30c0a0318205f59f2fadf4ce4b3992439cecb9f6f3c2c5d9dbaa1be89b2d09d4ec8876280963f7ea93b68f3a0f26cec99e1028d847 0001-Helping-parsing-code-survive-variable-settings-with-.patch
848c4e4a30eb878a3733289e00b55665c72b1f810a98e2f04df7a82dfb442ec5be9413719b3f1a1116458571730ffa30e14dc746cfa9dc482c13b49ebac84d2f 0001-mkinitfs-harden-permissions-of-initramfs.patch"
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment