From: Mike Frysinger <vapier@gentoo.org>
To: "Wayne R. Roth" <wayneroth42@gmail.com>
Cc: util-linux@vger.kernel.org
Subject: Re: [PATCH] mkswap: Add warnings for insecure device permissions/owners
Date: Tue, 19 Jan 2016 14:44:43 -0500 [thread overview]
Message-ID: <20160119194443.GD14840@vapier.lan> (raw)
In-Reply-To: <1453228626-18667-1-git-send-email-wayneroth42@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 940 bytes --]
On 19 Jan 2016 10:37, Wayne R. Roth wrote:
> + permMask = S_ISBLK(ctl.devstat.st_mode) ? 07007 : 07077;
> + if ((ctl.devstat.st_mode & permMask) != 0)
> + warnx(_("%s: insecure permissions %04o, %04o suggested."),
> + ctl.devname, ctl.devstat.st_mode & 07777,
> + ~permMask & 0666);
> + if (S_ISREG(ctl.devstat.st_mode) && ctl.devstat.st_uid != 0)
> + warnx(_("%s: insecure file owner %d, 0 (root) suggested."),
> + ctl.devname, ctl.devstat.st_uid);
i haven't read/tested the code, so my assumptions might be off, but this
seems to complain even when creating files as non-root. mkswap should
not do that. a perfectly reasonable use case is to create images as a
non-root user for use with something like qemu.
maybe you want to add a getuid() check in there, or scuttle it altogether.
-mike
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2016-01-19 19:44 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-19 18:37 [PATCH] mkswap: Add warnings for insecure device permissions/owners Wayne R. Roth
2016-01-19 19:44 ` Mike Frysinger [this message]
2016-01-20 4:17 ` [PATCH] mkswap: Add warnings for insecure device permissions/owners Logic modified from sys-utils/swapon.c Wayne R. Roth
2016-01-20 4:58 ` Mike Frysinger
2016-01-20 6:09 ` [PATCH] mkswap: add " Wayne R. Roth
2016-01-26 10:35 ` Karel Zak
2016-01-20 9:39 ` [PATCH] mkswap: Add warnings for insecure device permissions/owners Sami Kerola
2016-01-20 10:30 ` Karel Zak
2016-01-21 22:19 ` Sarah Newman
2016-01-22 16:01 ` Tilman Schmidt
2016-01-22 19:14 ` Sarah Newman
2016-01-22 22:03 ` Sami Kerola
2016-01-23 16:22 ` Karel Zak
2016-01-24 11:09 ` Sami Kerola
2016-01-25 19:55 ` Sami Kerola
2016-01-26 10:42 ` Karel Zak
2016-01-26 16:28 ` Sarah Newman
2016-01-25 21:39 ` Sarah Newman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160119194443.GD14840@vapier.lan \
--to=vapier@gentoo.org \
--cc=util-linux@vger.kernel.org \
--cc=wayneroth42@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.