aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2011-10-26 14:41:23 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2011-10-26 14:42:29 +0000
commit94032669d284f150939429526300518b06ced8fe (patch)
tree94580ff2e064061264f798d50ef4e57e35bff77e /main
parent8ded1f134b51cdc2229dff4ed5edc5aea041d834 (diff)
downloadaports-94032669d284f150939429526300518b06ced8fe.tar.bz2
aports-94032669d284f150939429526300518b06ced8fe.tar.xz
main/mkinitfs: security fix. make sure initramfs is not world writeable
ref #788
Diffstat (limited to 'main')
-rw-r--r--main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch25
-rw-r--r--main/mkinitfs/APKBUILD4
2 files changed, 28 insertions, 1 deletions
diff --git a/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch b/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
new file mode 100644
index 000000000..81602e2a9
--- /dev/null
+++ b/main/mkinitfs/0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
@@ -0,0 +1,25 @@
+From ba9ab744c9ede5f9d70d57b1623505d47f9024e4 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 26 Oct 2011 14:10:58 +0000
+Subject: [PATCH] mkinitfs: ensure that initramfs image is not world writable
+
+---
+ mkinitfs.in | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/mkinitfs.in b/mkinitfs.in
+index f79a204..a7dd090 100755
+--- a/mkinitfs.in
++++ b/mkinitfs.in
+@@ -143,6 +143,8 @@ initfs_apk_keys() {
+
+ initfs_cpio() {
+ [ -n "$list_sources" ] && return
++ rm -f $outfile
++ umask 0022
+ (cd "$tmpdir" && find . | cpio -o -H newc | gzip) > $outfile
+ }
+
+--
+1.7.7.1
+
diff --git a/main/mkinitfs/APKBUILD b/main/mkinitfs/APKBUILD
index 2067ae142..31f327069 100644
--- a/main/mkinitfs/APKBUILD
+++ b/main/mkinitfs/APKBUILD
@@ -1,12 +1,13 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mkinitfs
pkgver=2.4.0
-pkgrel=0
+pkgrel=1
pkgdesc="Tool to generate initramfs images for Alpine"
url=http://git.alpinelinux.org/cgit/mkinitfs
depends="busybox apk-tools>=2.0"
triggers="$pkgname.trigger=/usr/share/kernel/*"
source="http://git.alpinelinux.org/cgit/$pkgname.git/snapshot/$pkgname-$pkgver.tar.bz2
+ 0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
eglibc.patch
"
arch="noarch"
@@ -43,4 +44,5 @@ package() {
make install DESTDIR="$pkgdir" || return 1
}
md5sums="3b7ca4f70bdded5fca0c0c70ddac56f6 mkinitfs-2.4.0.tar.bz2
+3885d1eb3f76bc87120159f007db3cea 0001-mkinitfs-ensure-that-initramfs-image-is-not-world-wr.patch
e59c2f7de496fe430b07e32fd812ebe0 eglibc.patch"