Re: [Xen-devel] [PATCH] tools: create XEN_DUMP_DIR with mode 0700
On Thu, 2015-10-22 at 17:32 +0100, Ian Campbell wrote: > On Wed, 2015-10-21 at 15:15 +0100, Wei Liu wrote: > > That directory is used to store guest memory dump which contains > > sensitive information. > > > > Signed-off-by: Wei Liu> > Acked-by: Ian Campbell Applied. > Have you audited all the paths we create and determined that this is the > only one which needs adjusting in this way? > > OOI, what lead you to be concerned about the permissions on the > directories > we are creating (first the xenpaging one, now this)? Thanks for your reply to this bit. Ian. ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH] tools: create XEN_DUMP_DIR with mode 0700
On Thu, Oct 22, 2015 at 05:32:57PM +0100, Ian Campbell wrote: > On Wed, 2015-10-21 at 15:15 +0100, Wei Liu wrote: > > That directory is used to store guest memory dump which contains > > sensitive information. > > > > Signed-off-by: Wei Liu> > Acked-by: Ian Campbell > > Have you audited all the paths we create and determined that this is the > only one which needs adjusting in this way? > No, I haven't audited all paths. I fixed this as I noticed it needed fixing. > OOI, what lead you to be concerned about the permissions on the directories > we are creating (first the xenpaging one, now this)? > I noticed the permission of xenpaging and dumpdir were different when I was doing some random things. And I wrongly assumed that xenpaging directory should be fixed. Now this patch does the right thing -- it's dumpdir's permission that should be fixed. Wei. > Ian. ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH] tools: create XEN_DUMP_DIR with mode 0700
On Wed, 2015-10-21 at 15:15 +0100, Wei Liu wrote: > That directory is used to store guest memory dump which contains > sensitive information. > > Signed-off-by: Wei LiuAcked-by: Ian Campbell Have you audited all the paths we create and determined that this is the only one which needs adjusting in this way? OOI, what lead you to be concerned about the permissions on the directories we are creating (first the xenpaging one, now this)? Ian. ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
[Xen-devel] [PATCH] tools: create XEN_DUMP_DIR with mode 0700
That directory is used to store guest memory dump which contains sensitive information. Signed-off-by: Wei Liu--- tools/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/Makefile b/tools/Makefile index 2618559..820ca40 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -58,7 +58,7 @@ build all: subdirs-all .PHONY: install install: subdirs-install - $(INSTALL_DIR) $(DESTDIR)$(XEN_DUMP_DIR) + $(INSTALL_DIR) -m 700 $(DESTDIR)$(XEN_DUMP_DIR) $(INSTALL_DIR) $(DESTDIR)/var/log/xen $(INSTALL_DIR) $(DESTDIR)/var/lib/xen -- 2.1.4 ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel