Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 175ACC28D17 for ; Mon, 15 Nov 2021 19:40:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 02FB161AA8 for ; Mon, 15 Nov 2021 19:40:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346613AbhKOTfv (ORCPT ); Mon, 15 Nov 2021 14:35:51 -0500 Received: from mail.kernel.org ([198.145.29.99]:40772 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239154AbhKORyo (ORCPT ); Mon, 15 Nov 2021 12:54:44 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id B478D632AD; Mon, 15 Nov 2021 17:33:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1636997613; bh=DddDNs9JomrnzsILPma6S7pZ2ahl2dOz1P588eIjD4o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rOpdF756k7DT9eU6Xs1MV49xYP89q3vbeNiO6iefs01xJ1sxdvmSvwgsGahCr5VEm wGnE5OrNyGt97WhnMTkIQTZrgNPDyWCDGe5mlI8qPD/x3e6HBZmhUzoGho8QJoTiZD hegLNopNUjIqaZ+PawCR47ObuMJjpG+1N7EGl6d4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Steven Rostedt (VMware)" , Sasha Levin Subject: [PATCH 5.10 210/575] tracefs: Have tracefs directories not set OTH permission bits by default Date: Mon, 15 Nov 2021 17:58:55 +0100 Message-Id: <20211115165350.976783364@linuxfoundation.org> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211115165343.579890274@linuxfoundation.org> References: <20211115165343.579890274@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Steven Rostedt (VMware) [ Upstream commit 49d67e445742bbcb03106b735b2ab39f6e5c56bc ] The tracefs file system is by default mounted such that only root user can access it. But there are legitimate reasons to create a group and allow those added to the group to have access to tracing. By changing the permissions of the tracefs mount point to allow access, it will allow group access to the tracefs directory. There should not be any real reason to allow all access to the tracefs directory as it contains sensitive information. Have the default permission of directories being created not have any OTH (other) bits set, such that an admin that wants to give permission to a group has to first disable all OTH bits in the file system. Link: https://lkml.kernel.org/r/20210818153038.664127804@goodmis.org Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Sasha Levin --- fs/tracefs/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 0ee8c6dfb0364..bf58ae6f984fe 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -430,7 +430,8 @@ static struct dentry *__create_dir(const char *name, struct dentry *parent, if (unlikely(!inode)) return failed_creating(dentry); - inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; + /* Do not set bits for OTH */ + inode->i_mode = S_IFDIR | S_IRWXU | S_IRUSR| S_IRGRP | S_IXUSR | S_IXGRP; inode->i_op = ops; inode->i_fop = &simple_dir_operations; -- 2.33.0