[PATCH 1/2] qemu_shim: Allow other users to enter the root dir
Andrea Bolognani
abologna at redhat.com
Thu Mar 5 09:00:08 UTC 2020
On Fri, 2020-02-28 at 16:56 +0100, Michal Privoznik wrote:
> +++ b/src/qemu/qemu_shim.c
> @@ -158,6 +158,12 @@ int main(int argc, char **argv)
> return 1;
> }
> tmproot = true;
> +
> + if (chmod(root, S_IRWXU | S_IXGRP | S_IXOTH) < 0) {
I think this is unnecessarily restrictive: the directories that are
created right underneath root are all 0755, with the files themselves
being mostly 0600, so using 0711 here is only going to add a bit of
annoyance rather than actual security I think.
Also, and this is a personal preference so feel free to ignore it,
I would find using octal values directly more readable.
With a more permissive mode used,
Reviewed-by: Andrea Bolognani <abologna at redhat.com>
--
Andrea Bolognani / Red Hat / Virtualization
More information about the libvir-list
mailing list