[neon/neon/livecd-rootfs/Neon/release-lts] /: ubuntu-cpc: secure esp mountpoint (LP: #1881006)
Gauthier Jolly
null at kde.org
Mon Apr 12 11:02:00 BST 2021
Git commit 330720f6867351c366485ff1c9b5f743d3bb7215 by Gauthier Jolly.
Committed on 18/03/2021 at 10:10.
Pushed by jriddell into branch 'Neon/release-lts'.
ubuntu-cpc: secure esp mountpoint (LP: #1881006)
Change mount option for ubuntu-cpc images from "defaults" to
"umask=0077". ESP partitions might contain sensitive data and
non-root users shouldn't have read access on it.
M +9 -0 debian/changelog
M +1 -1 live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
https://invent.kde.org/neon/neon/livecd-rootfs/commit/330720f6867351c366485ff1c9b5f743d3bb7215
diff --git a/debian/changelog b/debian/changelog
index db70bc93..d2115f5d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+livecd-rootfs (2.664.19) UNRELEASED; urgency=medium
+
+ * ubuntu-cpc: secure esp mountpoint (LP: #1881006)
+ Change mount option for ubuntu-cpc images from "defaults" to "umask=0077"
+ ESP partitions might contain sensitive data and non-root users shouldn't
+ have read access on it.
+
+ -- Gauthier Jolly <gauthier.jolly at canonical.com> Wed, 17 Mar 2021 16:55:37 +0000
+
livecd-rootfs (2.664.18) focal; urgency=medium
[ Patrick Viafore ]
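Review bot: the description line ending in "umask=0077" in the new 2.664.19 entry has no full stop, so it runs straight into "ESP partitions might contain sensitive data"; add one so the two sentences stay separate in the rendered changelog. The entry could also say that the option is written into /etc/fstab when the image is built, so readers know it applies to newly built ubuntu-cpc images.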
diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
index 25035316..e090a36f 100755
--- a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
+++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
@@ -94,7 +94,7 @@ create_and_mount_uefi_partition() {
mount "${uefi_dev}" "$mountpoint"/boot/efi
cat << EOF >> "mountpoint/etc/fstab"
-LABEL=UEFI /boot/efi vfat defaults 0 1
+LABEL=UEFI /boot/efi vfat umask=0077 0 1
EOF
}
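Review bot: the heredoc target on the context line just above the changed entry reads "mountpoint/etc/fstab" with no `$`, while the mount line before it uses "$mountpoint"/boot/efi. If the file really has it that way, the new `umask=0077` entry is appended to a relative path under the current directory rather than to the image's fstab, and the hardening never reaches the image, so please confirm the redirect is to "$mountpoint/etc/fstab". A one-line comment above the heredoc saying that umask=0077 keeps non-root users from reading the ESP (LP: #1881006) would also help stop the option being reverted to `defaults` later.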