[arch-releng] [PATCH 1/1] limit access to cow directory
From: Christian Hesse <mail@eworm.de> Signed-off-by: Christian Hesse <mail@eworm.de> --- archiso/initcpio/hooks/archiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archiso/initcpio/hooks/archiso b/archiso/initcpio/hooks/archiso index fcfe820..b02d9f8 100644 --- a/archiso/initcpio/hooks/archiso +++ b/archiso/initcpio/hooks/archiso @@ -172,7 +172,7 @@ archiso_mount_handler() { mkdir -p /run/archiso/cowspace mount -t tmpfs -o "size=${cow_spacesize}",mode=0755 cowspace /run/archiso/cowspace fi - mkdir -p "/run/archiso/cowspace/${cow_directory}" + mkdir -p -m 0700 "/run/archiso/cowspace/${cow_directory}" _mnt_sfs "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sfs" "/run/archiso/sfs/airootfs" if [[ -f "/run/archiso/sfs/airootfs/airootfs.img" ]]; then -- 2.4.0
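Review bot: on the changed mkdir line, -m 0700 together with -p sets the mode only on the last path component, and only when mkdir actually creates it. If ${cow_directory} has more than one component, the intermediate directories get the umask default, and a directory that already exists keeps whatever mode it had. The cowspace tmpfs above it is mounted mode=0755, so it stays traversable. If the goal is that non-root users never get into the cow directory, consider following the mkdir with an explicit chmod 0700 on the same path. The commit message also has no body, so a sentence stating why the directory should be root-only would help later readers.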
Christian Hesse <list@eworm.de> on Wed, 2015/05/06 10:12:
From: Christian Hesse <mail@eworm.de>
Signed-off-by: Christian Hesse <mail@eworm.de> --- archiso/initcpio/hooks/archiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/archiso/initcpio/hooks/archiso b/archiso/initcpio/hooks/archiso index fcfe820..b02d9f8 100644 --- a/archiso/initcpio/hooks/archiso +++ b/archiso/initcpio/hooks/archiso @@ -172,7 +172,7 @@ archiso_mount_handler() { mkdir -p /run/archiso/cowspace mount -t tmpfs -o "size=${cow_spacesize}",mode=0755 cowspace /run/archiso/cowspace fi - mkdir -p "/run/archiso/cowspace/${cow_directory}" + mkdir -p -m 0700 "/run/archiso/cowspace/${cow_directory}"
_mnt_sfs "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sfs" "/run/archiso/sfs/airootfs" if [[ -f "/run/archiso/sfs/airootfs/airootfs.img" ]]; then
Now that you merged my other patches... How about this one? I think not giving non-root users access to the cow directory is a good idea, no?
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
On 05/29/2015 02:27 PM, Christian Hesse wrote:
Christian Hesse <list@eworm.de> on Wed, 2015/05/06 10:12:
From: Christian Hesse <mail@eworm.de>
Signed-off-by: Christian Hesse <mail@eworm.de> --- archiso/initcpio/hooks/archiso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/archiso/initcpio/hooks/archiso b/archiso/initcpio/hooks/archiso index fcfe820..b02d9f8 100644 --- a/archiso/initcpio/hooks/archiso +++ b/archiso/initcpio/hooks/archiso @@ -172,7 +172,7 @@ archiso_mount_handler() { mkdir -p /run/archiso/cowspace mount -t tmpfs -o "size=${cow_spacesize}",mode=0755 cowspace /run/archiso/cowspace fi - mkdir -p "/run/archiso/cowspace/${cow_directory}" + mkdir -p -m 0700 "/run/archiso/cowspace/${cow_directory}"
_mnt_sfs "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sfs" "/run/archiso/sfs/airootfs" if [[ -f "/run/archiso/sfs/airootfs/airootfs.img" ]]; then
Now that you merged my other patches... How about this one? I think not giving non-root users access to the cow directory is a good idea, no?
Oops, I missed this one. Thanks.
participants (2)
- Christian Hesse
- Gerardo Exequiel Pozzi