diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2011-10-26 14:41:23 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2011-10-26 14:42:29 +0000 |
commit | 94032669d284f150939429526300518b06ced8fe (patch) | |
tree | 94580ff2e064061264f798d50ef4e57e35bff77e | |
parent | 8ded1f134b51cdc2229dff4ed5edc5aea041d834 (diff) | |
download | aports-94032669d284f150939429526300518b06ced8fe.tar.bz2 aports-94032669d284f150939429526300518b06ced8fe.tar.xz |
main/mkinitfs: security fix. make sure initramfs is not world writeable
ref #788
-rw-r--r-- | main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch | 25 | ||||
-rw-r--r-- | main/mkinitfs/APKBUILD | 4 |
2 files changed, 28 insertions, 1 deletions
diff --git a/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch b/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch new file mode 100644 index 0000000000..81602e2a91 --- /dev/null +++ b/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch @@ -0,0 +1,25 @@ +From ba9ab744c9ede5f9d70d57b1623505d47f9024e4 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 26 Oct 2011 14:10:58 +0000 +Subject: [PATCH] mkinitfs: ensure that initramfs image is not world writable + +--- + mkinitfs.in | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/mkinitfs.in b/mkinitfs.in +index f79a204..a7dd090 100755 +--- a/mkinitfs.in ++++ b/mkinitfs.in +@@ -143,6 +143,8 @@ initfs_apk_keys() { + + initfs_cpio() { + [ -n "$list_sources" ] && return ++ rm -f $outfile ++ umask 0022 + (cd "$tmpdir" && find . | cpio -o -H newc | gzip) > $outfile + } + +-- +1.7.7.1 + diff --git a/main/mkinitfs/APKBUILD b/main/mkinitfs/APKBUILD index 2067ae1428..31f3270697 100644 --- a/main/mkinitfs/APKBUILD +++ b/main/mkinitfs/APKBUILD @@ -1,12 +1,13 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=mkinitfs pkgver=2.4.0 -pkgrel=0 +pkgrel=1 pkgdesc="Tool to generate initramfs images for Alpine" url=http://git.alpinelinux.org/cgit/mkinitfs depends="busybox apk-tools>=2.0" triggers="$pkgname.trigger=/usr/share/kernel/*" source="http://git.alpinelinux.org/cgit/$pkgname.git/snapshot/$pkgname-$pkgver.tar.bz2 + 0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch eglibc.patch " arch="noarch" @@ -43,4 +44,5 @@ package() { make install DESTDIR="$pkgdir" || return 1 } md5sums="3b7ca4f70bdded5fca0c0c70ddac56f6 mkinitfs-2.4.0.tar.bz2 +3885d1eb3f76bc87120159f007db3cea 0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch e59c2f7de496fe430b07e32fd812ebe0 eglibc.patch" |