On Fri, 2020-02-28 at 16:56 +0100, Michal Privoznik wrote:
+++ b/src/qemu/qemu_shim.c
@@ -158,6 +158,12 @@ int main(int argc, char **argv)
return 1;
}
tmproot = true;
+
+ if (chmod(root, S_IRWXU | S_IXGRP | S_IXOTH) < 0) {
I think this is unnecessarily restrictive: the directories that are
created right underneath root are all 0755, with the files themselves
being mostly 0600, so using 0711 here is only going to add a bit of
annoyance rather than actual security I think.
Also, and this is a personal preference so feel free to ignore it,
I would find using octal values directly more readable.
With a more permissive mode used,
Reviewed-by: Andrea Bolognani <abologna(a)redhat.com>
--
Andrea Bolognani / Red Hat / Virtualization