From 7b0e8e2427cf6b10bffb410b66dd02272be3e386 Mon Sep 17 00:00:00 2001
From: Johannes Meixner <jsmeix@suse.com>
Date: Mon, 8 Jan 2024 14:40:42 +0100
Subject: [PATCH 1/2] Make initrd accessible only by root
In pack/GNU/Linux/900_create_initramfs.sh call
chmod 0600 "$TMP_DIR/$REAR_INITRD_FILENAME"
to let only root access the initrd because
the ReaR recovery system can contain secrets
see https://github.com/rear/rear/issues/3122
---
usr/share/rear/pack/GNU/Linux/900_create_initramfs.sh | 6 ++++++
1 file changed, 6 insertions(+)
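--- a/usr/share/rear/pack/GNU/Linux/900_create_initramfs.sh
+++ b/usr/share/rear/pack/GNU/Linux/900_create_initramfs.sh
@@ -125,4 +125,10 @@ case "$REAR_INITRD_COMPRESSION" in
 fi
 ;;
 esac
+
+# Only root should allowed to access the initrd
+# because the ReaR recovery system can contain secrets
+# cf. https://github.com/rear/rear/issues/3122
+test -s "$TMP_DIR/$REAR_INITRD_FILENAME" && chmod 0600 "$TMP_DIR/$REAR_INITRD_FILENAME"
+
 popd >/dev/null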
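Review bot: The added `test -s ... && chmod 0600 ...` line ignores a failed `chmod`, so the run would continue with an initrd that other users can still read and nothing would report it. Because the point of the change is to protect secrets, the failure should be surfaced, for example `chmod 0600 "$TMP_DIR/$REAR_INITRD_FILENAME" || Error "Failed to make $REAR_INITRD_FILENAME accessible only by root"` inside an `if test -s ...` guard, using ReaR's `Error` function. The mode is also tightened only after the file has been written by the `case "$REAR_INITRD_COMPRESSION"` block, which starts above this hunk and is not visible here; if that block creates the file under the default umask, setting `umask 0077` before it would close the window in which the file is readable. It is also worth confirming that later stages which copy the initrd out of `$TMP_DIR` keep the 0600 mode, since a plain copy does not necessarily preserve it.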
From 1271257aedaa78e703c140a99f374fcecb48b4fd Mon Sep 17 00:00:00 2001
From: Johannes Meixner <jsmeix@suse.com>
Date: Mon, 8 Jan 2024 15:57:36 +0100
Subject: [PATCH 2/2] Update 900_create_initramfs.sh
Typo fix in comment:
"should allowed" -> "should be allowed"
---
usr/share/rear/pack/GNU/Linux/900_create_initramfs.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
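--- a/usr/share/rear/pack/GNU/Linux/900_create_initramfs.sh
+++ b/usr/share/rear/pack/GNU/Linux/900_create_initramfs.sh
@@ -126,7 +126,7 @@ case "$REAR_INITRD_COMPRESSION" in
 ;;
 esac
 
-# Only root should allowed to access the initrd
+# Only root should be allowed to access the initrd
 # because the ReaR recovery system can contain secrets
 # cf. https://github.com/rear/rear/issues/3122
 test -s "$TMP_DIR/$REAR_INITRD_FILENAME" && chmod 0600 "$TMP_DIR/$REAR_INITRD_FILENAME"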