| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Aug 2017 13:36:33 -0700
From: Kees Cook <keescook@...omium.org>
To: linux-kernel@...r.kernel.org
Cc: Kees Cook <keescook@...omium.org>, Nick Kralevich <nnk@...gle.com>,
Sebastian Schmidt <yath@...h.de>,
Tony Luck <tony.luck@...el.com>,
Anton Vorontsov <anton@...msg.org>,
Colin Cross <ccross@...roid.com>,
Petr Mladek <pmladek@...e.com>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Steven Rostedt <rostedt@...dmis.org>,
Patrick Tjin <pattjin@...gle.com>,
Mark Salyzyn <salyzyn@...gle.com>
Subject: [PATCH 0/2] pstore: Make default pstorefs root dir perms 0750
Nick Kralevich pointed out that it was rather problematic to check
capabilities when reading some pstore files. Instead, opt for a more
configurable DAC approach, but retain the general protection by making the
pstorefs root directory mode 0750. It was 0755, but most crash-handlers
will also be performing unlink operations (which DAC would require a
root uid perm for already), so this shouldn't affect anyone, but rather
make permissions more flexible.
-Kees
Powered by blists - more mailing lists