diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2019-12-18 15:39:20 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-12-18 15:39:20 +0000 |
| commit | 27b8dc5bd034f91683012dcb5ad680e64c72c712 (patch) | |
| tree | 4e52de319d3c6f7f1ac7ede98c88cd98ded5a4af | |
| parent | c467afc6754584e901ba177a66365fa31f254a44 (diff) | |
| download | aports-27b8dc5bd034f91683012dcb5ad680e64c72c712.tar.bz2 aports-27b8dc5bd034f91683012dcb5ad680e64c72c712.tar.xz | |
main/mkinitfs: fix permissions of initramfs
it may contain sensitive information
fixes #11044
| -rw-r--r-- | main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch | 26 | ||||
| -rw-r--r-- | main/mkinitfs/APKBUILD | 6 |
2 files changed, 30 insertions, 2 deletions
diff --git a/main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch b/main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch new file mode 100644 index 0000000000..9c67315bc3 --- /dev/null +++ b/main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch @@ -0,0 +1,26 @@ +From 23fe38c883439310ead972e734cba985b7baaf63 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 18 Dec 2019 11:48:14 +0000 +Subject: [PATCH] mkinitfs: harden permissions of initramfs + +ref https://gitlab.alpinelinux.org/alpine/aports/issues/11044 +--- + mkinitfs.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/mkinitfs.in b/mkinitfs.in +index 8cd3de3..9bd95f9 100755 +--- a/mkinitfs.in ++++ b/mkinitfs.in +@@ -153,7 +153,7 @@ initfs_cpio() { + return + fi + rm -f $outfile +- umask 0022 ++ umask 0077 + (cd "$tmpdir" && find . | sort | cpio --quiet -o -H newc | $comp) > $outfile + } + +-- +2.24.1 + diff --git a/main/mkinitfs/APKBUILD b/main/mkinitfs/APKBUILD index d0b4ea2795..5b3e32b146 100644 --- a/main/mkinitfs/APKBUILD +++ b/main/mkinitfs/APKBUILD @@ -2,7 +2,7 @@ pkgname=mkinitfs pkgver=3.4.3 _ver=${pkgver%_git*} -pkgrel=3 +pkgrel=4 pkgdesc="Tool to generate initramfs images for Alpine" url="https://git.alpinelinux.org/cgit/mkinitfs" arch="all" @@ -19,6 +19,7 @@ source="https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$_ver.tar.xz 0001-nlplug-findfs.c-Explicitly-include-sys-sysmacros.h-d.patch 0001-features-add-af_packet-kernel-module-for-dhcp.patch 0001-Helping-parsing-code-survive-variable-settings-with-.patch + 0001-mkinitfs-harden-permissions-of-initramfs.patch " build() { @@ -34,4 +35,5 @@ package() { sha512sums="d335a6f58ca38a3cc6dcc560baaabd3ea9522ce25de008eb637f0761db7f783c3b03767ba046c3d34550d1d0741bcc54ad09903b41e79fe408264eadbbc0a457 mkinitfs-3.4.3.tar.xz 6b7c16035181ab96a1d0dad9f31df8d74e6d39db775ce540b2b2efaaa4d918a18f331829f4113bff7a38805f648b7d83b7ec15adaaf78b17c9465dc0a19e8b32 0001-nlplug-findfs.c-Explicitly-include-sys-sysmacros.h-d.patch 2b29aceee789a79c5395e9a4e896aa0561f812420aa98ab9febdca8e1ea34691d2b819a8f0c09e56d198fda587e569ce026bc6aacdb700ea00a91fc08dcd3a05 0001-features-add-af_packet-kernel-module-for-dhcp.patch -2a443d1c45533c39339c5f30c0a0318205f59f2fadf4ce4b3992439cecb9f6f3c2c5d9dbaa1be89b2d09d4ec8876280963f7ea93b68f3a0f26cec99e1028d847 0001-Helping-parsing-code-survive-variable-settings-with-.patch" +2a443d1c45533c39339c5f30c0a0318205f59f2fadf4ce4b3992439cecb9f6f3c2c5d9dbaa1be89b2d09d4ec8876280963f7ea93b68f3a0f26cec99e1028d847 0001-Helping-parsing-code-survive-variable-settings-with-.patch +848c4e4a30eb878a3733289e00b55665c72b1f810a98e2f04df7a82dfb442ec5be9413719b3f1a1116458571730ffa30e14dc746cfa9dc482c13b49ebac84d2f 0001-mkinitfs-harden-permissions-of-initramfs.patch" |