Comment 3 for bug 1390183

Marc Deslauriers (mdeslaur) wrote :

OK, this seems to affect Ubuntu 14.10, but not Ubuntu 14.04 LTS. Here is why:

partman-efi creates the fstab entry with "defaults" as the mount option.

The mount(8) man page states, for fat:

umask=value
              Set the umask (the bitmask of the permissions that are not present). The default is the umask of the current process.

mountall in daemon mode sets umask to 0.

Ubuntu 14.10's mount tool properly honours mountall's umask, which is 0, and results in incorrect permissions on /boot/efi.
Ubuntu 14.04's mount tool unconditionally sets umask to 022, contrary to documented behaviour, and results in good permissions on /boot/efi.

Fix proposal for 14.10 and later:
1- Modify mountall to not override umask, but to use whatever it inherited from upstart, which should be 022.
2- Modify partman-efi to create the fstab entry with a forced umask. (This is for new installs only, and is additional hardening on top of #1)
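
The umask inheritance described in the comment above can be checked against an fstab, shown here as an added example that is not part of the original comment or of the mountall or partman-efi code. The function names and the sample fstab (including its UUID and devices) are constructed for illustration, and option order is ignored as a simplification.

```python
# Added example: find FAT entries in fstab text whose resulting permissions
# are world-writable for a given umask of the mounting process.
FAT_TYPES = {"vfat", "msdos", "fat"}

# Constructed sample input; the UUID and device names are placeholders.
SAMPLE_FSTAB = """\
# <file system> <mount point> <type> <options> <dump> <pass>
UUID=0000-0000  /boot/efi  vfat  defaults            0  1
/dev/sdb1       /mnt/usb   vfat  rw,umask=0077       0  0
/dev/sda2       /          ext4  errors=remount-ro   0  1
/dev/sdc1       /mnt/open  vfat  defaults,umask=000  0  0
"""
MASK_OPTS = ("umask", "fmask", "dmask")

def effective_masks(options, process_umask):
    """Return (fmask, dmask) that would apply for an fstab options string."""
    opts = dict(item.partition("=")[::2] for item in options.split(","))
    # mount(8), fat: with no umask= option, the umask of the mounting
    # process is used. Simplification: an explicit fmask=/dmask= is taken
    # to override umask= regardless of the order the options appear in.
    umask = int(opts["umask"], 8) if opts.get("umask") else process_umask
    fmask = int(opts["fmask"], 8) if opts.get("fmask") else umask
    dmask = int(opts["dmask"], 8) if opts.get("dmask") else umask
    return fmask, dmask

def audit_fstab(text, process_umask):
    """Return [(mount_point, dir_mode, explicit_mask)] for world-writable FAT mounts."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#") or len(fields) < 4:
            continue
        if fields[2] not in FAT_TYPES:
            continue
        fmask, dmask = effective_masks(fields[3], process_umask)
        dir_mode, file_mode = 0o777 & ~dmask, 0o777 & ~fmask
        if (dir_mode | file_mode) & 0o002:
            explicit = any(o.partition("=")[0] in MASK_OPTS
                           for o in fields[3].split(","))
            findings.append((fields[1], oct(dir_mode), explicit))
    return findings

if __name__ == "__main__":
    # umask 0 models mountall in daemon mode; 0o022 models the inherited value.
    for label, mask in (("umask 0", 0), ("umask 022", 0o022)):
        print(label, audit_fstab(SAMPLE_FSTAB, mask))
```

An entry reported with `explicit_mask` set to `False` is one whose permissions depend entirely on the mounting process, which is the case the forced umask in the second fix proposal removes.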