From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 29 Jun 2013 16:27:24 +0000 (+0100)
Subject: debian/udpkey.initramfs-hook: Ensure seed is not publicly readable.
X-Git-Tag: 1.0.1~2
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/udpkey/commitdiff_plain/f3d1f95d4aed8e1cd02046650c17dd7a7bdbd952

debian/udpkey.initramfs-hook: Ensure seed is not publicly readable.
---

diff --git a/debian/udpkey.initramfs-hook b/debian/udpkey.initramfs-hook
index 33be1c4..0f3abf4 100755
--- a/debian/udpkey.initramfs-hook
+++ b/debian/udpkey.initramfs-hook
@@ -15,4 +15,5 @@ esac
 
 copy_exec /usr/bin/udpkey
 cp -r /etc/udpkey $DESTDIR/etc/
-dd if=/dev/random of=$DESTDIR/etc/udpkey/seed bs=1 count=32
+
+(umask 077 && dd if=/dev/random of=$DESTDIR/etc/udpkey/seed bs=1 count=32)