cloud-initramfs-tools

Merge lp://staging/~smoser/cloud-initramfs-tools/trunk.lp1641678 into lp://staging/cloud-initramfs-tools

  1. trunk.lp1641678
  2. Merge into trunk
Proposed by Scott Moser
Status: Merged
Merged at revision: 130
Proposed branch: lp://staging/~smoser/cloud-initramfs-tools/trunk.lp1641678
Merge into: lp://staging/cloud-initramfs-tools
Diff against target: 44 lines (+12/-6)
2 files modified
overlayroot/etc/overlayroot.conf (+2/-0)
overlayroot/scripts/init-bottom/overlayroot (+10/-6)
To merge this branch: bzr merge lp://staging/~smoser/cloud-initramfs-tools/trunk.lp1641678
Reviewer Review Type Date Requested Status
Seth Arnold (community) Approve
Dustin Kirkland  Needs Information
cloud-initramfs-tools Pending
Review via email: mp+310796@code.staging.launchpad.net

Commit message

overlayroot: write the password to consistent filename

Previously, when overlayroot=crypt was used, and no password was
provided, the password was stored to a filename in /run/initramfs/
named overlayroot.XXXXXX. The XXXXXX template was random.

This just made it more difficult to read that password file.

Now, we publish the passfile as /run/initramfs/overlayroot.passwd.
Note, that by design the password file name fits into the template's
possible filenames. This means that if a tool was looking for
 /run/initramfs/overlayroot.??????
then it would find
 /run/initramfs/overlayroot.passwd

To post a comment you must log in.
lp://staging/~smoser/cloud-initramfs-tools/trunk.lp1641678 updated
131. By Scott Moser

name file to overlayroot.passwd to match previous template.

overlayroot.passwd is a (unlikely but) possible name that could
have been produced by mktemp. So, anyone looking defensively for
a file matching 'overlayroot.??????' will also now match
overlayroot.passwd.

The new name thus seems more suitable for stable release update.

132. By Scott Moser

update doc to reference password file

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

It's okay with me, but you might want to ask the security team (Tyler, Marc, Jamie?) to review. There are attacks against insecurely created temporary files: https://www.owasp.org/index.php/Insecure_Temporary_File I think what you're doing here is okay, since you're creating the temporary file, and then renaming it to the common name. But I do recommend you check with them.

review: Needs Information
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Looks good to me:

- $entropy_sources includes several kernel-provided randomness sources, and reasonable efforts to protect against weak kernel rng
- ${PERSIST_DIR} is created early in the script so the mktemp(1) call shouldn't fail
- the temporary file and the final file are on the same device so mv(1) should be atomic

Thanks

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches