Overview

File 0320-dracut.sh-create-the-initramfs-non-world-readable-al.patch of Package dracut.6321

From cc1d16ba73986d05018992473494882ef72cae28 Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <dmolkentin@suse.com>
Date: Tue, 31 Jan 2017 12:35:38 +0100
Subject: [PATCH 2/2] dracut.sh: create the initramfs non-world readable also
 if early cpio is used

 Fixes: 5f2c30d9bcd614d546d5c55c6897e33f88b9ab90
 Previously fixed CVE-2012-4453:
 e1b48995c26c4f06d1a718539cb1bd5b0179af91
---
 dracut.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dracut.sh b/dracut.sh
index 46632d0..9f2b72e 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -1587,7 +1587,7 @@ dinfo "*** Creating image file ***"
 if [[ $create_early_cpio = yes ]]; then
     echo 1 > "$early_cpio_dir/d/early_cpio"
     # The microcode blob is _before_ the initramfs blob, not after
-    (cd "$early_cpio_dir/d";     find . -print0 | cpio --null $cpio_owner_root -H newc -o --quiet > $outfile)
+    ( umask 077; cd "$early_cpio_dir/d";     find . -print0 | cpio --null $cpio_owner_root -H newc -o --quiet > $outfile)
 fi
 if ! ( umask 077; cd "$initdir"; find . -print0 | cpio --null $cpio_owner_root -H newc -o --quiet | \
     $compress >> "$outfile"; ); then
-- 
2.10.2
openSUSE Build Service is sponsored by
Places