Lubuntu/livecd-rootfs
3
0
Fork 0
mirror of https://git.launchpad.net/livecd-rootfs synced 2025-08-12 17:24:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

ubuntu-cpc: secure esp mountpoint (LP: #1881006)

Browse Source 
Change mount option for ubuntu-cpc images from "defaults" to
"umask=0077". ESP partitions might contain sensitive data and
non-root users shouldn't have read access on it.
This commit is contained in:
Gauthier Jolly 2021-03-17 17:01:12 +00:00
parent e77821bace
commit eef7feef4a
No known key found for this signature in database
GPG Key ID: 76941DD188ED73DF
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
debian/changelog vendored
View File

@ -1,3 +1,12 @@
livecd-rootfs (2.408.68) UNRELEASED; urgency=medium
* ubuntu-cpc: secure esp mountpoint (LP: #1881006)
Change mount option for ubuntu-cpc images from "defaults" to "umask=0077"
ESP partitions might contain sensitive data and non-root users shouldn't
have read access on it.
-- Gauthier Jolly <gauthier.jolly@canonical.com> Wed, 17 Mar 2021 16:55:37 +0000
livecd-rootfs (2.408.67) xenial; urgency=medium livecd-rootfs (2.408.67) xenial; urgency=medium
* Revert "esp: install grub in ubuntu bootloader id path, instead of * Revert "esp: install grub in ubuntu bootloader id path, instead of

2
live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
View File

@ -49,7 +49,7 @@ create_and_mount_uefi_partition() {
mount "${uefi_dev}" "$mountpoint"/boot/efi mount "${uefi_dev}" "$mountpoint"/boot/efi
cat << EOF >> "mountpoint/etc/fstab" cat << EOF >> "mountpoint/etc/fstab"
LABEL=UEFI /boot/efi vfat defaults 0 1 LABEL=UEFI /boot/efi vfat umask=0077 0 1
EOF EOF
} }