Your message dated Wed, 06 Jun 2012 13:17:23 +0000
with message-id <e1scg71-0004jx...@franck.debian.org>
and subject line Bug#655175: fixed in initramfs-tools 0.104
has caused the Debian Bug report #655175,
regarding initramfs-tools: /run/initramfs is user-writable
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
655175: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655175
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: initramfs-tools
Version: 0.99
Severity: important
% ls -ld /run/initramfs
drwsrwsrwt 2 root root 40 Jan 8 23:42 /run/initramfs
Is there any reason for this directory to be user-writable either
before or after the handover to /sbin/init? AFAIK all the code
run in the initramfs is as root, and no users really exist at this
point, making the need for a user to write to it moot. After the
When the system is booted and users can log in, there is nothing
to stop a user denial of service by filling up /run through the
creation of files in /run/initramfs. I can't think of any valid
reason to give a user write access to a filesystem only intended
to be writable by system processes.
I would suggest creating it with 0755 permissions for safety and
security.
Regards,
Roger
-- Package-specific info:
-- initramfs sizes
-- /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-3.1.0-1-amd64 root=/dev/mapper/ravenclaw-root ro
-- resume
RESUME=/dev/mapper/ravenclaw-swap
-- /proc/filesystems
btrfs
ext4
fuseblk
-- lsmod
Module Size Used by
tun 18337 2
sit 17561 0
tunnel4 12629 1 sit
parport_pc 22364 0
ppdev 12763 0
lp 17149 0
parport 31858 3 parport_pc,ppdev,lp
acpi_cpufreq 12935 1
mperf 12453 1 acpi_cpufreq
cpufreq_powersave 12454 0
cpufreq_stats 12866 0
cpufreq_conservative 13147 0
cpufreq_userspace 12576 0
binfmt_misc 12957 1
fuse 61981 1
nfsd 259717 2
nfs 312135 0
lockd 67328 2 nfsd,nfs
fscache 36739 1 nfs
auth_rpcgss 37143 2 nfsd,nfs
nfs_acl 12511 2 nfsd,nfs
sunrpc 173516 6 nfsd,nfs,lockd,auth_rpcgss,nfs_acl
dm_snapshot 32737 5
loop 22597 0
firewire_sbp2 18077 0
kvm_intel 121792 0
kvm 278183 1 kvm_intel
snd_hda_codec_hdmi 26548 1
snd_hda_codec_analog 77709 1
snd_hda_intel 26182 0
snd_hda_codec 72920 3
snd_hda_codec_hdmi,snd_hda_codec_analog,snd_hda_intel
snd_hwdep 13186 1 snd_hda_codec
snd_pcm_oss 41081 0
snd_mixer_oss 17916 1 snd_pcm_oss
snd_pcm 63744 4
snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_pcm_oss
snd_seq_midi 12848 0
snd_rawmidi 23060 1 snd_seq_midi
snd_seq_midi_event 13316 1 snd_seq_midi
radeon 648863 2
snd_seq 45093 2 snd_seq_midi,snd_seq_midi_event
ttm 48725 1 radeon
drm_kms_helper 27227 1 radeon
drm 167371 4 radeon,ttm,drm_kms_helper
snd_timer 22917 2 snd_pcm,snd_seq
snd_seq_device 13176 3 snd_seq_midi,snd_rawmidi,snd_seq
i2c_i801 16870 0
i2c_algo_bit 12841 1 radeon
snd 52798 12
snd_hda_codec_hdmi,snd_hda_codec_analog,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_rawmidi,snd_seq,snd_timer,snd_seq_device
processor 27949 1 acpi_cpufreq
iTCO_wdt 17081 0
iTCO_vendor_support 12704 1 iTCO_wdt
soundcore 13065 1 snd
i2c_core 23876 5 radeon,drm_kms_helper,drm,i2c_i801,i2c_algo_bit
psmouse 55543 0
thermal_sys 18040 1 processor
evdev 17562 3
pcspkr 12579 0
snd_page_alloc 13003 2 snd_hda_intel,snd_pcm
power_supply 13475 1 radeon
serio_raw 12850 0
asus_atk0110 17297 0
button 12937 0
ext4 312988 5
mbcache 13065 1 ext4
jbd2 62015 1 ext4
crc16 12343 1 ext4
btrfs 478019 1
zlib_deflate 25638 1 btrfs
crc32c 12656 1
libcrc32c 12426 1 btrfs
dm_mod 63353 49 dm_snapshot
raid1 30716 1
md_mod 87742 2 raid1
sr_mod 21899 0
cdrom 35401 1 sr_mod
sd_mod 36136 6
crc_t10dif 12348 1 sd_mod
usbhid 36379 0
hid 77192 1 usbhid
uhci_hcd 26865 0
ahci 24997 4
libahci 22860 1 ahci
libata 140545 2 ahci,libahci
firewire_ohci 31530 0
skge 40815 0
firewire_core 48407 2 firewire_sbp2,firewire_ohci
crc_itu_t 12347 1 firewire_core
ehci_hcd 40215 0
sky2 45309 0
scsi_mod 162376 4 firewire_sbp2,sr_mod,sd_mod,libata
usbcore 124095 4 usbhid,uhci_hcd,ehci_hcd
-- /etc/initramfs-tools/modules
-- /etc/kernel-img.conf
# Kernel image management overrides
# See kernel-img.conf(5) for details
do_symlinks = yes
do_bootloader = no
do_initrd = yes
link_in_boot = no
-- /etc/initramfs-tools/initramfs.conf
MODULES=most
BUSYBOX=y
KEYMAP=n
COMPRESS=gzip
BOOT=local
DEVICE=
NFSROOT=auto
-- /etc/initramfs-tools/update-initramfs.conf
update_initramfs=yes
backup_initramfs=no
-- /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sdb3[0] sda3[1]
976752504 blocks super 1.2 [2/2] [UU]
unused devices: <none>
-- mkinitramfs hooks
/etc/initramfs-tools/hooks/:
/usr/share/initramfs-tools/hooks:
btrfs
busybox
dmsetup
fuse
keymap
klibc
lvm2
mdadm
ntfs_3g
thermal
udev
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (550, 'unstable'), (500, 'testing'), (400, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages initramfs-tools depends on:
ii cpio 2.11-7
ii findutils 4.4.2-4
ii klibc-utils 1.5.25-1.1
ii module-init-tools 3.16-1
ii udev 175-3
Versions of packages initramfs-tools recommends:
ii busybox 1:1.19.3-5
Versions of packages initramfs-tools suggests:
ii bash-completion 1:1.3-1
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: initramfs-tools
Source-Version: 0.104
We believe that the bug you reported is fixed in the latest version of
initramfs-tools, which is due to be installed in the Debian FTP archive:
initramfs-tools_0.104.dsc
to main/i/initramfs-tools/initramfs-tools_0.104.dsc
initramfs-tools_0.104.tar.gz
to main/i/initramfs-tools/initramfs-tools_0.104.tar.gz
initramfs-tools_0.104_all.deb
to main/i/initramfs-tools/initramfs-tools_0.104_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 655...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
maximilian attems <m...@debian.org> (supplier of updated initramfs-tools
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 06 Jun 2012 14:48:26 +0200
Source: initramfs-tools
Binary: initramfs-tools
Architecture: source all
Version: 0.104
Distribution: unstable
Urgency: high
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: maximilian attems <m...@debian.org>
Description:
initramfs-tools - generic modular initramfs generator
Closes: 601324 652525 655175 660297 668616 670496 674484
Changes:
initramfs-tools (0.104) unstable; urgency=high
.
[ Michael Prokop ]
* [9e961c6] docs: clarify that PREREQ is only honored inside single
directory.
Thanks to Marc Haber <mh+debian-b...@zugschlus.de> for spotting thjs issue
(Closes: #601324)
.
[ maximilian attems ]
* [b60b440] debian/control: Depend on kmod or m-i-t.
* [f87e71b] hook-functions: handle rootfs output from mount(8).
(Closes: #668616)
* [042c5c9] init: tighten /run/initramfs permissions. (Closes: #655175)
* [df4ffdf] scripts/functions: panic() don't abort on modprobe failures.
(Closes: #674484)
.
[ Vagrant Cascadian ]
* [ddbdb4f] init: busybox's switch_root doesn't handle /proc or /sys moving.
(Closes: #660297)
.
[ Balwinder S Dheeman ]
* [3ff8ee6] init: fixes ignored $tmpfs_size. (Closes: #670496)
.
[ Josh Triplett ]
* [2c5c942] initramfs-tools: speed-up by avoiding forks in the per-module
hot path. (Closes: #652525)
Checksums-Sha1:
cbcfdeeb67bfcb7441c197b47dc675eff922f049 1052 initramfs-tools_0.104.dsc
1218b9ab4df1557ae4aa2180d46b8740b94af9f0 84519 initramfs-tools_0.104.tar.gz
57e7b2faada169f5978d64c936b4e2ce0d6aa4c9 91002 initramfs-tools_0.104_all.deb
Checksums-Sha256:
45c035c998f8c2ec5a8ca1f50df3e91b30f306bcf1c016bf38ec4806daae30d1 1052
initramfs-tools_0.104.dsc
6048b66aa067de06419c53353f632315b279eab957cd17157f83c3c60b670e6f 84519
initramfs-tools_0.104.tar.gz
7817d3b28de728e515078d3452efefb60136ac21ce8c5821fb46ef735f156f73 91002
initramfs-tools_0.104_all.deb
Files:
b0eadf22423992235c55d3a0ca49723d 1052 utils optional initramfs-tools_0.104.dsc
fb46dba7c1886c6020586d99ecfb7519 84519 utils optional
initramfs-tools_0.104.tar.gz
e6519d7618d6b7b1c7dc7678b98f3328 91002 utils optional
initramfs-tools_0.104_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk/PU3gACgkQeW7Lc5tEHqhiigCgppHUxmZ5/fPynMyrvN2f3LgM
KPEAoIsA+bUqlyeP9sX0x+PK9LIWnYrs
=sjD3
-----END PGP SIGNATURE-----
--- End Message ---