Fix incorrect vmcore permissions when dumped through ssh

Previously when dumping vmcore to a remote machine through ssh, the files are created remotely and file permissions are taken from the default umask value, which making the files accessible to anyone on the remote machine. This patch fixed the security issue by setting a customized umask value before the file creation on the remote machine. Signed-off-by: Tao Liu <ltao@redhat.com> Acked-by: Kairui Song <kasong@redhat.com>
2021-03-19 18:07:51 +08:00 · 2021-03-19 18:07:51 +08:00 · 00785873ef
commit 00785873ef
parent 6a2e820d87
1 changed files with 2 additions and 2 deletions
--- a/dracut-kdump.sh
+++ b/dracut-kdump.sh
@ -136,7 +136,7 @@ dump_ssh()
        fi
        _exitcode=$?
    else
-        $CORE_COLLECTOR /proc/vmcore | ssh $_opt $_host "dd bs=512 of=$_dir/vmcore-incomplete"
+        $CORE_COLLECTOR /proc/vmcore | ssh $_opt $_host "umask 0077 && dd bs=512 of=$_dir/vmcore-incomplete"
        _exitcode=$?
        _vmcore="vmcore.flat"
    fi
@ -218,7 +218,7 @@ save_vmcore_dmesg_ssh() {
    local _location=$4

    dinfo "saving vmcore-dmesg.txt to $_location:$_path"
-    $_dmesg_collector /proc/vmcore | ssh $_opts $_location "dd of=$_path/vmcore-dmesg-incomplete.txt"
+    $_dmesg_collector /proc/vmcore | ssh $_opts $_location "umask 0077 && dd of=$_path/vmcore-dmesg-incomplete.txt"
    _exitcode=$?

    if [ $_exitcode -eq 0 ]; then