Skip to content
Commit d7caa336 authored by Kees Cook's avatar Kees Cook
Browse files

pstore: Make default pstorefs root dir perms 0750



Currently only DMESG and CONSOLE record types are protected, and it isn't
obvious that they are using a capability check. Instead switch to explicit
root directory mode of 0750 to keep files private by default. This will
allow the removal of the capability check, which was non-obvious and
forces a process to have possibly too much privilege when simple post-boot
chgrp for readers would be possible without it.

Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarSergey Senozhatsky <sergey.senozhatsky@gmail.com>
parent 520eccdf
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment