author: Steven Rostedt (VMware) <rostedt@goodmis.org>, 2021-08-18 11:24:50 -0400
committer: Steven Rostedt (VMware) <rostedt@goodmis.org>, 2021-10-08 18:08:43 -0400
commit: 49d67e445742bbcb03106b735b2ab39f6e5c56bc
tree: 4d359f106527a54a2f02b43d277b542461fb4bee /fs/tracefs
parent: b30a779d5c557e99b93917f33d441948c9aead97
tracefs: Have tracefs directories not set OTH permission bits by default

The tracefs file system is by default mounted such that only root user can access it. But there are legitimate reasons to create a group and allow those added to the group to have access to tracing. By changing the permissions of the tracefs mount point to allow access, it will allow group access to the tracefs directory.

There should not be any real reason to allow all access to the tracefs directory as it contains sensitive information. Have the default permission of directories being created not have any OTH (other) bits set, such that an admin that wants to give permission to a group has to first disable all OTH bits in the file system.

Link: https://lkml.kernel.org/r/20210818153038.664127804@goodmis.org
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

Diffstat (limited to 'fs/tracefs')
-rw-r--r-- fs/tracefs/inode.c 3
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
index 1261e8b41edb..925a621b432e 100644
--- a/fs/tracefs/inode.c
+++ b/fs/tracefs/inode.c
@@ -432,7 +432,8 @@ static struct dentry *__create_dir(const char *name, struct dentry *parent,
if (unlikely(!inode))
return failed_creating(dentry);
- inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
+ /* Do not set bits for OTH */
+ inode->i_mode = S_IFDIR | S_IRWXU | S_IRUSR| S_IRGRP | S_IXUSR | S_IXGRP;
inode->i_op = ops;
inode->i_fop = &simple_dir_operations;
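
Review bot: On the added `inode->i_mode` line, `S_IRUSR` and `S_IXUSR` are redundant because `S_IRWXU` already sets the owner read and execute bits, and `S_IRUSR|` is missing the space before `|`. Writing it as `S_IFDIR | S_IRWXU | S_IRGRP | S_IXGRP` yields the same 0750 directory mode and makes it easier to see that only USR and GRP bits are granted. The new comment could also say why OTH is left out (the commit message cites sensitive information in tracefs), since "Do not set bits for OTH" only restates the code.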