make /var/{run, lock, state} not world writable (0755)
authorEtienne CHAMPETIER <champetier.etienne@gmail.com>
Thu, 16 Jun 2016 08:09:15 +0000 (08:09 +0000)
committerJohn Crispin <john@phrozen.org>
Thu, 16 Jun 2016 22:58:34 +0000 (00:58 +0200)
Since commit be950c5e56b86509e1e237931d0ac8203372be82 (09/03/2013),
/var/{run,lock,state} have been world-writable (0777), which is a security issue.
Before that, they were created by /etc/init.d/boot with normal
permissions (0755), so revert to that state.

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
initd/early.c

index accfc1dce54c488e5cb4ab82eb9922c76b7c8a89..bf519f615528033e5017534ed700862c7b66e55d 100644 (file)
@@ -73,9 +73,9 @@ early_mounts(void)
                mount("tmpfs", "/tmp/shm", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOATIME,
                                "mode=01777");
        }
-       mkdir("/tmp/run", 0777);
-       mkdir("/tmp/lock", 0777);
-       mkdir("/tmp/state", 0777);
+       mkdir("/tmp/run", 0755);
+       mkdir("/tmp/lock", 0755);
+       mkdir("/tmp/state", 0755);
        umask(oldumask);
 }
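Review bot: The three `mkdir()` calls still ignore their return value, so the new 0755 mode only takes effect when the directory is actually created. If `/tmp/run`, `/tmp/lock` or `/tmp/state` already exists at this point (for example with the old 0777 mode), `mkdir()` fails with EEXIST and the existing permissions stay in place. Whether that can happen this early in boot is not visible from the hunk, but handling the result makes the hardening hold either way, e.g. `if (mkdir("/tmp/run", 0755) && errno == EEXIST) chmod("/tmp/run", 0755);`, and likewise for the other two paths. The effective mode also depends on the umask set earlier in early_mounts(), which starts outside the hunk, so a short comment next to the calls such as `/* 0755: /var/{run,lock,state} must not be world-writable */` would record the intent.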