From 4edcd9a4001f684d6c5b66afc2e164bdd6a296eb Mon Sep 17 00:00:00 2001
From: Lichen Liu <lichliu@redhat.com>
Date: Wed, 24 Aug 2022 16:16:14 +0800
Subject: [PATCH] kdumpctl: make the kdump.log root-readable-only

Decrease the risk that of leaking information that could potentially
be used to exploit the crash further (think location of keys).

Signed-off-by: Lichen Liu <lichliu@redhat.com>
Acked-by: Coiby Xu <coxu@redhat.com>
---
 kdumpctl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kdumpctl b/kdumpctl
index 126ecb9..0e37d36 100755
--- a/kdumpctl
+++ b/kdumpctl
@@ -691,6 +691,7 @@ load_kdump()
 	# and release it.
 	exec 12>&2
 	exec 2>> $KDUMP_LOG_PATH/kdump.log
+	chmod 600 $KDUMP_LOG_PATH/kdump.log
 	PS4='+ $(date "+%Y-%m-%d %H:%M:%S") ${BASH_SOURCE}@${LINENO}: '
 	set -x