diff options
| author | Tyler Hicks <tyhicks@canonical.com> | 2017-04-21 00:43:29 +0000 |
|---|---|---|
| committer | Tyler Hicks <tyhicks@canonical.com> | 2017-04-21 00:43:29 +0000 |
| commit | 35ba272c86f5d5cd625725c10d8494e606bfb938 (patch) | |
| tree | 08b1a8f9e7e8f7cd3f2e9d400de167d59c62bef2 | |
| parent | 684462312d2f1cb47abe54ec06dee6f9b6a30825 (diff) | |
| download | lightdm-git-35ba272c86f5d5cd625725c10d8494e606bfb938.tar.gz | |
Explicitly set file mode when creating guest home directory
The fix for CVE-2017-7358 (bzr commit 2478) adjusted the guest home
directory creation to use mkdir in some instances. In those instances,
the home directory is world readable for a short amount of time before
tmpfs is mounted on top of the directory with a 700 file mode. There is
no information leak here since data isn't written to the directory
before the tmpfs mount occurs but it is best to ask mkdir to set the
file mode to 700 from the start.
Thanks to Alexander Peslyak (Solar Designer) for catching this mistake.
| -rw-r--r-- | debian/guest-account.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/debian/guest-account.sh b/debian/guest-account.sh index f618390b..6708de2f 100644 --- a/debian/guest-account.sh +++ b/debian/guest-account.sh @@ -36,7 +36,7 @@ add_account () GUEST_HOME=$(echo ${temp_home} | tr '[:upper:]' '[:lower:]') GUEST_USER=${GUEST_HOME#/tmp/} if [ "${GUEST_HOME}" != "${temp_home}" ]; then - mkdir "${GUEST_HOME}" || { + mkdir -m 700 "${GUEST_HOME}" || { echo "Failed to create ${GUEST_USER}'s home directory (${GUEST_HOME})" exit 1 } |