Blame 0148-dracut.sh-create-the-initramfs-non-world-readable-al.patch

Harald Hoyer 53404a
From 0db98910a11c12a454eac4c8e86dc7a7bbc764a4 Mon Sep 17 00:00:00 2001
Harald Hoyer 53404a
From: Andreas Stieger <astieger@suse.com>
Harald Hoyer 53404a
Date: Mon, 7 Nov 2016 10:37:22 +0100
Harald Hoyer 53404a
Subject: [PATCH] dracut.sh: create the initramfs non-world readable also if
Harald Hoyer 53404a
 early cpio is used
Harald Hoyer 53404a
Harald Hoyer 53404a
Fixes: 5f2c30d9bcd614d546d5c55c6897e33f88b9ab90
Harald Hoyer 53404a
Previously fixed CVE-2012-4453: e1b48995c26c4f06d1a718539cb1bd5b0179af91
Harald Hoyer 53404a
Harald Hoyer 53404a
Signed-off-by: Andreas Stieger <astieger@suse.com>
Harald Hoyer 53404a
---
Harald Hoyer 53404a
 dracut.sh | 2 +-
Harald Hoyer 53404a
 1 file changed, 1 insertion(+), 1 deletion(-)
Harald Hoyer 53404a
Harald Hoyer 53404a
diff --git a/dracut.sh b/dracut.sh
Harald Hoyer 53404a
index 40ca08f..2d79bbc 100755
Harald Hoyer 53404a
--- a/dracut.sh
Harald Hoyer 53404a
+++ b/dracut.sh
Harald Hoyer 53404a
@@ -1700,7 +1700,7 @@ if [[ $create_early_cpio = yes ]]; then
Harald Hoyer 53404a
 
Harald Hoyer 53404a
     # The microcode blob is _before_ the initramfs blob, not after
Harald Hoyer 53404a
     if ! (
Harald Hoyer 53404a
-            cd "$early_cpio_dir/d"
Harald Hoyer 53404a
+            umask 077; cd "$early_cpio_dir/d"
Harald Hoyer 53404a
             find . -print0 | sort -z \
Harald Hoyer 53404a
                 | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null $cpio_owner_root -H newc -o --quiet > "${DRACUT_TMPDIR}/initramfs.img"
Harald Hoyer 53404a
         ); then