From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753388AbdHJUgk (ORCPT ); Thu, 10 Aug 2017 16:36:40 -0400 Received: from mail-pg0-f46.google.com ([74.125.83.46]:34758 "EHLO mail-pg0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752950AbdHJUgi (ORCPT ); Thu, 10 Aug 2017 16:36:38 -0400 From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Nick Kralevich , Sebastian Schmidt , Tony Luck , Anton Vorontsov , Colin Cross , Petr Mladek , Sergey Senozhatsky , Steven Rostedt , Patrick Tjin , Mark Salyzyn Subject: [PATCH 1/2] pstore: Make default pstorefs root dir perms 0750 Date: Thu, 10 Aug 2017 13:36:34 -0700 Message-Id: <1502397395-118652-2-git-send-email-keescook@chromium.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1502397395-118652-1-git-send-email-keescook@chromium.org> References: <1502397395-118652-1-git-send-email-keescook@chromium.org> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Currently only DMESG and CONSOLE record types are protected, and it isn't obvious that they are using a capability check. Instead switch to explicit root directory mode of 0750 to keep files private by default. This will allow the removal of the capability check, which was non-obvious and forces a process to have possibly too much privilege when simple post-boot chgrp for readers would be possible without it. Signed-off-by: Kees Cook --- fs/pstore/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c index fefd22611cf6..f1e88b695090 100644 --- a/fs/pstore/inode.c +++ b/fs/pstore/inode.c 
@@ -471,7 +471,7 @@ static int pstore_fill_super(struct super_block *sb, void *data, int silent) inode = pstore_get_inode(sb); if (inode) { - inode->i_mode = S_IFDIR | 0755; + inode->i_mode = S_IFDIR | 0750; inode->i_op = &pstore_dir_inode_operations; inode->i_fop = &simple_dir_operations; inc_nlink(inode); -- 2.7.4
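Review bot: The `0750` literal assigned to the root inode in pstore_fill_super() now carries the privacy of every record under the mount, yet nothing at that line says so. A short comment above `inode->i_mode = S_IFDIR | 0750;` stating that record privacy depends on the directory mode would keep a later cleanup from restoring 0755, which matters once the capability check mentioned in the commit message is removed. The commit message says only DMESG and CONSOLE records are protected today, so with this mode any non-root reader of the other record types loses access to the directory. The message should call out that behaviour change and name the post-boot chgrp of the pstore root as the expected way to grant access to a reader group.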