| From 4e5f9404fbe3ad0341595f27e6065fd044c7fc25 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Wed, 18 Aug 2021 11:24:50 -0400 |
| Subject: tracefs: Have tracefs directories not set OTH permission bits by |
| default |
| |
| From: Steven Rostedt (VMware) <rostedt@goodmis.org> |
| |
| [ Upstream commit 49d67e445742bbcb03106b735b2ab39f6e5c56bc ] |
| |
| The tracefs file system is by default mounted such that only root user can |
| access it. But there are legitimate reasons to create a group and allow |
| those added to the group to have access to tracing. By changing the |
| permissions of the tracefs mount point to allow access, it will allow |
| group access to the tracefs directory. |
| |
| There should not be any real reason to allow all access to the tracefs |
| directory as it contains sensitive information. Have the default |
| permission of directories being created not have any OTH (other) bits set, |
| such that an admin that wants to give permission to a group has to first |
| disable all OTH bits in the file system. |
| |
| Link: https://lkml.kernel.org/r/20210818153038.664127804@goodmis.org |
| |
| Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| fs/tracefs/inode.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c |
| index 0caa151cae4ee..efe078fe5d4a9 100644 |
| --- a/fs/tracefs/inode.c |
| +++ b/fs/tracefs/inode.c |
| @@ -427,7 +427,8 @@ static struct dentry *__create_dir(const char *name, struct dentry *parent, |
| if (unlikely(!inode)) |
| return failed_creating(dentry); |
| |
| - inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; |
| + /* Do not set bits for OTH */ |
| + inode->i_mode = S_IFDIR | S_IRWXU | S_IRUSR| S_IRGRP | S_IXUSR | S_IXGRP; |
| inode->i_op = ops; |
| inode->i_fop = &simple_dir_operations; |
| |
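Review bot: the new `i_mode` expression in `__create_dir()` repeats bits that `S_IRWXU` already carries. `S_IRWXU` is read, write and execute for the owner, so the extra `S_IRUSR` and `S_IXUSR` add nothing. The expression also has a missing space in `S_IRUSR|`. The same mode (0750) can be written as `S_IFDIR | S_IRWXU | S_IRGRP | S_IXGRP`, which makes the dropped OTH bits easier to see in review and keeps the line shorter. The comment `/* Do not set bits for OTH */` could also say why, as the commit message does: the directory contains sensitive information and access is meant to be granted per group.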
| -- |
| 2.33.0 |
| |