From: Kees Cook Date: Thu, 10 Aug 2017 03:43:17 +0000 (-0700) Subject: pstore: Make default pstorefs root dir perms 0750 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d7caa33687cea218b6d68beea89d10a45a901e19;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git pstore: Make default pstorefs root dir perms 0750 Currently only DMESG and CONSOLE record types are protected, and it isn't obvious that they are using a capability check. Instead switch to explicit root directory mode of 0750 to keep files private by default. This will allow the removal of the capability check, which was non-obvious and forces a process to have possibly too much privilege when simple post-boot chgrp for readers would be possible without it. Signed-off-by: Kees Cook Reviewed-by: Sergey Senozhatsky --- diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c index fefd22611cf6..f1e88b695090 100644 --- a/fs/pstore/inode.c +++ b/fs/pstore/inode.c @@ -471,7 +471,7 @@ static int pstore_fill_super(struct super_block *sb, void *data, int silent) inode = pstore_get_inode(sb); if (inode) { - inode->i_mode = S_IFDIR | 0755; + inode->i_mode = S_IFDIR | 0750; inode->i_op = &pstore_dir_inode_operations; inode->i_fop = &simple_dir_operations; inc_nlink(inode);