Fix incorrect vmcore permissions when dumped through ssh

Previously when dumping vmcore to a remote machine through ssh,
the files are created remotely and file permissions are taken
from the default umask value, which making the files accessible to
anyone on the remote machine.

This patch fixed the security issue by setting a customized umask value
before the file creation on the remote machine.

Signed-off-by: Tao Liu <ltao@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
This commit is contained in:
Tao Liu 2021-03-19 18:07:51 +08:00 committed by Kairui Song
parent 6a2e820d87
commit 00785873ef

View File

@ -136,7 +136,7 @@ dump_ssh()
fi fi
_exitcode=$? _exitcode=$?
else else
$CORE_COLLECTOR /proc/vmcore | ssh $_opt $_host "dd bs=512 of=$_dir/vmcore-incomplete" $CORE_COLLECTOR /proc/vmcore | ssh $_opt $_host "umask 0077 && dd bs=512 of=$_dir/vmcore-incomplete"
_exitcode=$? _exitcode=$?
_vmcore="vmcore.flat" _vmcore="vmcore.flat"
fi fi
@ -218,7 +218,7 @@ save_vmcore_dmesg_ssh() {
local _location=$4 local _location=$4
dinfo "saving vmcore-dmesg.txt to $_location:$_path" dinfo "saving vmcore-dmesg.txt to $_location:$_path"
$_dmesg_collector /proc/vmcore | ssh $_opts $_location "dd of=$_path/vmcore-dmesg-incomplete.txt" $_dmesg_collector /proc/vmcore | ssh $_opts $_location "umask 0077 && dd of=$_path/vmcore-dmesg-incomplete.txt"
_exitcode=$? _exitcode=$?
if [ $_exitcode -eq 0 ]; then if [ $_exitcode -eq 0 ]; then