Google Git
Sign in
android-kvm / linux / d7caa33687cea218b6d68beea89d10a45a901e19
commitd7caa33687cea218b6d68beea89d10a45a901e19[log] [tgz]
authorKees Cook <keescook@chromium.org>Wed Aug 09 20:43:17 2017 -0700
committerKees Cook <keescook@chromium.org>Thu Aug 17 16:28:37 2017 -0700
tree734350f4d0037478c7064db3a5f637ececc6fca7
parent520eccdfe187591a51ea9ab4c1a024ae4d0f68d9 [diff]
pstore: Make default pstorefs root dir perms 0750

Currently only DMESG and CONSOLE record types are protected, and it isn't
obvious that they are using a capability check. Instead switch to explicit
root directory mode of 0750 to keep files private by default. This will
allow the removal of the capability check, which was non-obvious and
forces a process to have possibly too much privilege when simple post-boot
chgrp for readers would be possible without it.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
1 file changed
tree: 734350f4d0037478c7064db3a5f637ececc6fca7
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README