~mdw / udpkey / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
debian/udpkey.initramfs-hook: Ensure seed is not publicly readable.
[udpkey] / debian / udpkey.initramfs-hook
diff --git a/debian/udpkey.initramfs-hook b/debian/udpkey.initramfs-hook
index 33be1c4..0f3abf4 100755 (executable)
--- a/debian/udpkey.initramfs-hook
+++ b/debian/udpkey.initramfs-hook
@@ -15,4 +15,5 @@ esac
 
 copy_exec /usr/bin/udpkey
 cp -r /etc/udpkey $DESTDIR/etc/
-dd if=/dev/random of=$DESTDIR/etc/udpkey/seed bs=1 count=32
+
+(umask 077 && dd if=/dev/random of=$DESTDIR/etc/udpkey/seed bs=1 count=32)
Transmit and receive cryptographic keys over UDP; useful during boot.