[Yaird-devel] Bug#336454: yaird: Creates initrd with deviating permissions

[Jonas Smedegaard]

On Sun, 30 Oct 2005 13:16:29 +0100 Frans Pop wrote:

> After installing 2.6.14 I noticed that the initrd created by yaird has
> different permissions from all other initrds on my system.
> 
> -rw-------   1 root root 1069831 2005-10-30 12:11
> initrd.img-2.6.14-1-686
> 
> All others have -rw-r--r--. Also all kernel images and config files
> are world readable.
> 
> If there is not a good reason for changing permissions, I feel that
> yaird should be consistent with other tools in this respect.

First of all, I apologize for taking so long to respond to this. Thanks
to Maximilian Attems for bringing it to my attention in bug#381677.

yaird runs as root, and collects info from several places, some of
which may be readable only as root. It then stores that collected info
in a newly created file. As a precaution, this newly created file is
created only accessible by root, so as to not accidentally leak info.

This mostly works well. One situation that I am aware of is the use of
ramdisks for diskless environments like lessdisks (see bug#336518 where
access rights is also - lightly - discussed).

I consider the tight permissions a feature, not a bug, but has left
this bugreport open for the benefit of the doubt.

Are you aware of any ill effects of the tight permissions, in addition
to the already known one of tftp publication?

If not, I suggest this bugreport into a wishlist request for support
for optionally relaxing the permissions.


 - Jonas

-- 
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

 - Enden er nær: http://www.shibumi.org/eoti.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/yaird-devel/attachments/20060812/8fad2c61/attachment.pgp