author | Yi-Hung Wei <yihung.wei@gmail.com> | 2020-09-23 13:48:15 -0700 |
---|---|---|
committer | Ilya Maximets <i.maximets@ovn.org> | 2020-11-10 01:26:41 +0100 |
commit | 1090a949ac920b4e7ee901cee36008408a1c2386 (patch) | |
tree | 4321c2e2da082166c7ecda6aeea73de66491af2e /ovsdb/log.c | |
parent | 80e3becdc1eea9b92253a391c0071e6218dda7d8 (diff) | |
download | openvswitch-1090a949ac920b4e7ee901cee36008408a1c2386.tar.gz |
ovsdb: Remove read permission of *.db from others.
Currently, when ovsdb *.db is created by ovsdb-tool it grants read
permission to others. This may incur security concerns, for example,
IPsec Pre-shared keys are stored in ovs-vswitchd.conf.db.
This patch addresses the concerns by removing permission for others.
Reported-by: Antonin Bas <abas@vmware.com>
Acked-by: Mark Gray <mark.d.gray@redhat.com>
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'ovsdb/log.c')
-rw-r--r-- | ovsdb/log.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ovsdb/log.c b/ovsdb/log.c index 41af77679..4a28fa3db 100644 --- a/ovsdb/log.c +++ b/ovsdb/log.c @@ -212,7 +212,7 @@ ovsdb_log_open(const char *name, const char *magic, if (!strcmp(name, "/dev/stdin") && open_mode == OVSDB_LOG_READ_ONLY) { fd = dup(STDIN_FILENO); } else { - fd = open(name, flags, 0666); + fd = open(name, flags, 0660); } if (fd < 0) { const char *op = (open_mode == OVSDB_LOG_CREATE_EXCL ? "create" |
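Review bot: In the `else` branch of ovsdb_log_open(), the mode passed in `fd = open(name, flags, 0660);` is only used when this call creates the file, so a *.db that already exists with read permission for others keeps that bit after the change. The commit message should state that existing databases need their permissions tightened separately (for example with `chmod o-rwx` on the file), since only newly created ones are covered. A short comment beside 0660 noting that the database can hold secrets such as IPsec pre-shared keys would also document why the mode must not be widened back to 0666.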