diff options
| author | Etienne CHAMPETIER <champetier.etienne@gmail.com> | 2016-06-16 08:09:15 +0000 |
|---|---|---|
| committer | John Crispin <john@phrozen.org> | 2016-06-17 00:58:34 +0200 |
| commit | 7104a2b149f0a870ec36ddff90b5f6a22c0d398d (patch) | |
| tree | a475b7de8f57cd48105ce86504a5111b2bd8af57 /initd/early.c | |
| parent | b8eb07c22fc5f3dea04d9843e8fd6d2eac6e61fa (diff) | |
| download | procd-7104a2b149f0a870ec36ddff90b5f6a22c0d398d.tar.gz | |
make /var/{run, lock, state} not world writable (0755)
since commit be950c5e56b86509e1e237931d0ac8203372be82 (09/03/2013)
/var/{run,lock,state} are world writable (0777) which is a security issue
before that they were created by /etc/init.d/boot with normal
permissions (0755), so revert to that state
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Diffstat (limited to 'initd/early.c')
| -rw-r--r-- | initd/early.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/initd/early.c b/initd/early.c index accfc1d..bf519f6 100644 --- a/initd/early.c +++ b/initd/early.c @@ -73,9 +73,9 @@ early_mounts(void) mount("tmpfs", "/tmp/shm", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOATIME, "mode=01777"); } - mkdir("/tmp/run", 0777); - mkdir("/tmp/lock", 0777); - mkdir("/tmp/state", 0777); + mkdir("/tmp/run", 0755); + mkdir("/tmp/lock", 0755); + mkdir("/tmp/state", 0755); umask(oldumask); } |