FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel
Reload this Page Bug#655175: initramfs-tools: /run/initramfs is user-writable

 
 
LinkBack Thread Tools
 
Old 01-08-2012, 10:46 PM
Roger Leigh
 
Default Bug#655175: initramfs-tools: /run/initramfs is user-writable
Package: initramfs-tools
Version: 0.99
Severity: important

% ls -ld /run/initramfs
drwsrwsrwt 2 root root 40 Jan 8 23:42 /run/initramfs

Is there any reason for this directory to be user-writable either
before or after the handover to /sbin/init? AFAIK all the code
run in the initramfs is as root, and no users really exist at this
point, making the need for a user to write to it moot. After the

When the system is booted and users can log in, there is nothing
to stop a user denial of service by filling up /run through the
creation of files in /run/initramfs. I can't think of any valid
reason to give a user write access to a filesystem only intended
to be writable by system processes.

I would suggest creating it with 0755 permissions for safety and
security.


Regards,
Roger

-- Package-specific info:
-- initramfs sizes
-- /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-3.1.0-1-amd64 root=/dev/mapper/ravenclaw-root ro

-- resume
RESUME=/dev/mapper/ravenclaw-swap
-- /proc/filesystems
btrfs
ext4
fuseblk

-- lsmod
Module Size Used by
tun 18337 2
sit 17561 0
tunnel4 12629 1 sit
parport_pc 22364 0
ppdev 12763 0
lp 17149 0
parport 31858 3 parport_pc,ppdev,lp
acpi_cpufreq 12935 1
mperf 12453 1 acpi_cpufreq
cpufreq_powersave 12454 0
cpufreq_stats 12866 0
cpufreq_conservative 13147 0
cpufreq_userspace 12576 0
binfmt_misc 12957 1
fuse 61981 1
nfsd 259717 2
nfs 312135 0
lockd 67328 2 nfsd,nfs
fscache 36739 1 nfs
auth_rpcgss 37143 2 nfsd,nfs
nfs_acl 12511 2 nfsd,nfs
sunrpc 173516 6 nfsd,nfs,lockd,auth_rpcgss,nfs_acl
dm_snapshot 32737 5
loop 22597 0
firewire_sbp2 18077 0
kvm_intel 121792 0
kvm 278183 1 kvm_intel
snd_hda_codec_hdmi 26548 1
snd_hda_codec_analog 77709 1
snd_hda_intel 26182 0
snd_hda_codec 72920 3 snd_hda_codec_hdmi,snd_hda_codec_analog,snd_hda_in tel
snd_hwdep 13186 1 snd_hda_codec
snd_pcm_oss 41081 0
snd_mixer_oss 17916 1 snd_pcm_oss
snd_pcm 63744 4 snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd _pcm_oss
snd_seq_midi 12848 0
snd_rawmidi 23060 1 snd_seq_midi
snd_seq_midi_event 13316 1 snd_seq_midi
radeon 648863 2
snd_seq 45093 2 snd_seq_midi,snd_seq_midi_event
ttm 48725 1 radeon
drm_kms_helper 27227 1 radeon
drm 167371 4 radeon,ttm,drm_kms_helper
snd_timer 22917 2 snd_pcm,snd_seq
snd_seq_device 13176 3 snd_seq_midi,snd_rawmidi,snd_seq
i2c_i801 16870 0
i2c_algo_bit 12841 1 radeon
snd 52798 12 snd_hda_codec_hdmi,snd_hda_codec_analog,snd_hda_in tel,snd_hda_codec,snd_hwdep,snd_pcm_oss,snd_mixer_ oss,snd_pcm,snd_rawmidi,snd_seq,snd_timer,snd_seq_ device
processor 27949 1 acpi_cpufreq
iTCO_wdt 17081 0
iTCO_vendor_support 12704 1 iTCO_wdt
soundcore 13065 1 snd
i2c_core 23876 5 radeon,drm_kms_helper,drm,i2c_i801,i2c_algo_bit
psmouse 55543 0
thermal_sys 18040 1 processor
evdev 17562 3
pcspkr 12579 0
snd_page_alloc 13003 2 snd_hda_intel,snd_pcm
power_supply 13475 1 radeon
serio_raw 12850 0
asus_atk0110 17297 0
button 12937 0
ext4 312988 5
mbcache 13065 1 ext4
jbd2 62015 1 ext4
crc16 12343 1 ext4
btrfs 478019 1
zlib_deflate 25638 1 btrfs
crc32c 12656 1
libcrc32c 12426 1 btrfs
dm_mod 63353 49 dm_snapshot
raid1 30716 1
md_mod 87742 2 raid1
sr_mod 21899 0
cdrom 35401 1 sr_mod
sd_mod 36136 6
crc_t10dif 12348 1 sd_mod
usbhid 36379 0
hid 77192 1 usbhid
uhci_hcd 26865 0
ahci 24997 4
libahci 22860 1 ahci
libata 140545 2 ahci,libahci
firewire_ohci 31530 0
skge 40815 0
firewire_core 48407 2 firewire_sbp2,firewire_ohci
crc_itu_t 12347 1 firewire_core
ehci_hcd 40215 0
sky2 45309 0
scsi_mod 162376 4 firewire_sbp2,sr_mod,sd_mod,libata
usbcore 124095 4 usbhid,uhci_hcd,ehci_hcd

-- /etc/initramfs-tools/modules

-- /etc/kernel-img.conf
# Kernel image management overrides
# See kernel-img.conf(5) for details
do_symlinks = yes
do_bootloader = no
do_initrd = yes
link_in_boot = no

-- /etc/initramfs-tools/initramfs.conf
MODULES=most
BUSYBOX=y
KEYMAP=n
COMPRESS=gzip
BOOT=local
DEVICE=
NFSROOT=auto

-- /etc/initramfs-tools/update-initramfs.conf
update_initramfs=yes
backup_initramfs=no

-- /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sdb3[0] sda3[1]
976752504 blocks super 1.2 [2/2] [UU]

unused devices: <none>

-- mkinitramfs hooks
/etc/initramfs-tools/hooks/:

/usr/share/initramfs-tools/hooks:
btrfs
busybox
dmsetup
fuse
keymap
klibc
lvm2
mdadm
ntfs_3g
thermal
udev


-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (550, 'unstable'), (500, 'testing'), (400, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages initramfs-tools depends on:
ii cpio 2.11-7
ii findutils 4.4.2-4
ii klibc-utils 1.5.25-1.1
ii module-init-tools 3.16-1
ii udev 175-3

Versions of packages initramfs-tools recommends:
ii busybox 1:1.19.3-5

Versions of packages initramfs-tools suggests:
ii bash-completion 1:1.3-1

-- no debconf information



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120108234610.7018.84953.reportbug@ravenclaw.code libre.net">http://lists.debian.org/20120108234610.7018.84953.reportbug@ravenclaw.code libre.net
 

Thread Tools




All times are GMT. The time now is 10:02 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -