All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] tools: create XEN_DUMP_DIR with mode 0700
@ 2015-10-21 14:15 Wei Liu
  2015-10-22 16:32 ` Ian Campbell
  0 siblings, 1 reply; 4+ messages in thread
From: Wei Liu @ 2015-10-21 14:15 UTC (permalink / raw)
  To: Xen-devel; +Cc: Wei Liu, Ian Jackson, Ian Campbell, Stefano Stabellini

That directory is used to store guest memory dump which contains
sensitive information.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
---
 tools/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/Makefile b/tools/Makefile
index 2618559..820ca40 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -58,7 +58,7 @@ build all: subdirs-all
 
 .PHONY: install
 install: subdirs-install
-	$(INSTALL_DIR) $(DESTDIR)$(XEN_DUMP_DIR)
+	$(INSTALL_DIR) -m 700 $(DESTDIR)$(XEN_DUMP_DIR)
 	$(INSTALL_DIR) $(DESTDIR)/var/log/xen
 	$(INSTALL_DIR) $(DESTDIR)/var/lib/xen
 
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] tools: create XEN_DUMP_DIR with mode 0700
  2015-10-21 14:15 [PATCH] tools: create XEN_DUMP_DIR with mode 0700 Wei Liu
@ 2015-10-22 16:32 ` Ian Campbell
  2015-10-26 17:15   ` Wei Liu
  2015-11-03 17:00   ` Ian Campbell
  0 siblings, 2 replies; 4+ messages in thread
From: Ian Campbell @ 2015-10-22 16:32 UTC (permalink / raw)
  To: Wei Liu, Xen-devel; +Cc: Ian Jackson, Stefano Stabellini

On Wed, 2015-10-21 at 15:15 +0100, Wei Liu wrote:
> That directory is used to store guest memory dump which contains
> sensitive information.
> 
> Signed-off-by: Wei Liu <wei.liu2@citrix.com>

Acked-by: Ian Campbell <ian.campbell@citrix.com>

Have you audited all the paths we create and determined that this is the
only one which needs adjusting in this way?

OOI, what lead you to be concerned about the permissions on the directories
we are creating (first the xenpaging one, now this)?

Ian.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] tools: create XEN_DUMP_DIR with mode 0700
  2015-10-22 16:32 ` Ian Campbell
@ 2015-10-26 17:15   ` Wei Liu
  2015-11-03 17:00   ` Ian Campbell
  1 sibling, 0 replies; 4+ messages in thread
From: Wei Liu @ 2015-10-26 17:15 UTC (permalink / raw)
  To: Ian Campbell; +Cc: Xen-devel, Wei Liu, Ian Jackson, Stefano Stabellini

On Thu, Oct 22, 2015 at 05:32:57PM +0100, Ian Campbell wrote:
> On Wed, 2015-10-21 at 15:15 +0100, Wei Liu wrote:
> > That directory is used to store guest memory dump which contains
> > sensitive information.
> > 
> > Signed-off-by: Wei Liu <wei.liu2@citrix.com>
> 
> Acked-by: Ian Campbell <ian.campbell@citrix.com>
> 
> Have you audited all the paths we create and determined that this is the
> only one which needs adjusting in this way?
> 

No, I haven't audited all paths. I fixed this as I noticed it needed
fixing.

> OOI, what lead you to be concerned about the permissions on the directories
> we are creating (first the xenpaging one, now this)?
> 

I noticed the permission of xenpaging and dumpdir were different when I
was doing some random things.  And I wrongly assumed that xenpaging
directory should be fixed. Now this patch does the right thing -- it's
dumpdir's permission that should be fixed.

Wei.

> Ian.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] tools: create XEN_DUMP_DIR with mode 0700
  2015-10-22 16:32 ` Ian Campbell
  2015-10-26 17:15   ` Wei Liu
@ 2015-11-03 17:00   ` Ian Campbell
  1 sibling, 0 replies; 4+ messages in thread
From: Ian Campbell @ 2015-11-03 17:00 UTC (permalink / raw)
  To: Wei Liu, Xen-devel; +Cc: Ian Jackson, Stefano Stabellini

On Thu, 2015-10-22 at 17:32 +0100, Ian Campbell wrote:
> On Wed, 2015-10-21 at 15:15 +0100, Wei Liu wrote:
> > That directory is used to store guest memory dump which contains
> > sensitive information.
> > 
> > Signed-off-by: Wei Liu <wei.liu2@citrix.com>
> 
> Acked-by: Ian Campbell <ian.campbell@citrix.com>

Applied.

> Have you audited all the paths we create and determined that this is the
> only one which needs adjusting in this way?
> 
> OOI, what lead you to be concerned about the permissions on the
> directories
> we are creating (first the xenpaging one, now this)?

Thanks for your reply to this bit.

Ian.

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-11-03 17:01 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-10-21 14:15 [PATCH] tools: create XEN_DUMP_DIR with mode 0700 Wei Liu
2015-10-22 16:32 ` Ian Campbell
2015-10-26 17:15   ` Wei Liu
2015-11-03 17:00   ` Ian Campbell

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.