[Xen-changelog] [xen staging] tools: init scripts: make XEN_RUN_DIR and XEN_LOCK_DIR mode 700

[patchbot@xxxxxxx]

commit 7b5278b28f8fbcd4402e4520d7a5d607d4a997a7
Author:     Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
AuthorDate: Thu Feb 7 15:02:27 2019 +0000
Commit:     Wei Liu <wei.liu2@xxxxxxxxxx>
CommitDate: Thu Feb 7 18:44:36 2019 +0000

    tools: init scripts: make XEN_RUN_DIR and XEN_LOCK_DIR mode 700
    
    These directories ought not to be even world-readable.  If this script
    for some reason runs with a lax umask they might be created
    overly-writeable.  Avoid any such bug by setting the mode explicitly.
    
    Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
    Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>
    Release-acked-by: Juergen Gross <jgross@xxxxxxxx>
---
 tools/hotplug/Linux/init.d/xencommons.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/hotplug/Linux/init.d/xencommons.in 
b/tools/hotplug/Linux/init.d/xencommons.in
index aa62e4c92f..7fd6903b98 100644
--- a/tools/hotplug/Linux/init.d/xencommons.in
+++ b/tools/hotplug/Linux/init.d/xencommons.in
@@ -56,8 +56,8 @@ do_start () {
 
        for mod in $BACKEND_MODULES ; do modprobe "$mod" &>/dev/null ; done
 
-       mkdir -p ${XEN_RUN_DIR}
-       mkdir -p ${XEN_LOCK_DIR}
+       mkdir -m700 -p ${XEN_RUN_DIR}
+       mkdir -m700 -p ${XEN_LOCK_DIR}
        mkdir -p ${XEN_LOG_DIR}
 
        @XEN_SCRIPT_DIR@/launch-xenstore || exit 1
--
generated by git-patchbot for /home/xen/git/xen.git#staging

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog