Race condition in changing permissions #1190
Comments
Note that that's a separate issue, about the initramfs. Thanks
Separate issue filed: #1191
This issue here has been assigned CVE ID of CVE-2019-13178 by MITRE.
- This is a simple variation on the theme of things-that-call-a-initramfs-updater, so the code is mostly a copy of initramfs/ module. I didn't even bother to strip out the configuration-handling (I figure it might be good for *something*) so now "" and "$uname" are valid kernel names as well.
- Fixes security issue where the initramfs ends up readable by all, and that includes the cryptfile for LUKS.

SEE #1190
The merge of issue-1190 branch has fixed this problem: before running Leaving the issue open, though, until there is a release with the fix included.
Hello, please note that there's a race condition between the time when the key file is created and when the permissions are changed, so that it is probably visible to some or all users on the system.
calamares/src/modules/luksbootkeyfile/main.py
Line 99 in 71a719d
The safe way to create a file with restricted permissions is to set the process umask(2) before creating the file. The shell built-in umask(1) command can do this.
Thanks
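An added example illustrating the report above (not Calamares code and not part of the original issue): it creates a file the create-then-chmod way and records the mode other users would see inside the window, then creates one with the umask set first, as the report suggests. The function names, file names and key bytes are constructed for the example, and `O_EXCL` plus the explicit `0o600` mode are extra hardening beyond what the report asks for.

```python
import os
import stat
import tempfile


def mode_of(path):
    """Return only the permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def create_then_chmod(path, data):
    """Racy pattern: the file exists with a umask-derived mode until chmod runs."""
    with open(path, "wb") as f:
        f.write(data)
    exposed = mode_of(path)  # mode visible to other users inside the window
    os.chmod(path, 0o600)
    return exposed, mode_of(path)


def create_restricted(path, data):
    """Set the umask before creation so the file is never wider than 0600."""
    old = os.umask(0o077)  # process-wide, so restore it afterwards
    try:
        # O_EXCL refuses a pre-existing file (assumption: the key file is new)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    finally:
        os.umask(old)
    with os.fdopen(fd, "wb") as f:
        initial = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        f.write(data)
    return initial, mode_of(path)


def demo():
    """Run both patterns under a fixed 022 umask in a scratch directory."""
    old = os.umask(0o022)  # common default, pinned so the result is deterministic
    try:
        with tempfile.TemporaryDirectory() as d:
            racy = create_then_chmod(os.path.join(d, "racy.key"), b"constructed-key")
            safe = create_restricted(os.path.join(d, "safe.key"), b"constructed-key")
    finally:
        os.umask(old)
    return racy, safe


if __name__ == "__main__":
    for name, (first, final) in zip(("create+chmod", "umask first"), demo()):
        print(f"{name}: at creation {oct(first)}, final {oct(final)}")
```

Both files end at 0600, so checking the final mode does not reveal the problem; only the mode at creation time differs.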