Fix incorrect vmcore permissions when dumped through ssh

Related: rhbz#1938165 Upstream: fedora Conflict: none commit 00785873ef Author: Tao Liu <ltao@redhat.com> Date: Fri Mar 19 18:07:51 2021 +0800 Fix incorrect vmcore permissions when dumped through ssh Previously when dumping vmcore to a remote machine through ssh, the files are created remotely and file permissions are taken from the default umask value, which making the files accessible to anyone on the remote machine. This patch fixed the security issue by setting a customized umask value before the file creation on the remote machine. Signed-off-by: Tao Liu <ltao@redhat.com> Acked-by: Kairui Song <kasong@redhat.com> Signed-off-by: Tao Liu <ltao@redhat.com>
2021-04-20 16:20:10 +08:00 · 2021-04-20 16:20:10 +08:00 · 910c20d3ce
parent 3371584d02
commit 910c20d3ce
1 changed files with 2 additions and 2 deletions
--- a/dracut-kdump.sh
+++ b/dracut-kdump.sh
@ -136,7 +136,7 @@ dump_ssh()
        fi
        _exitcode=$?
    else
-        $CORE_COLLECTOR /proc/vmcore | ssh $_opt $_host "dd bs=512 of=$_dir/vmcore-incomplete"
+        $CORE_COLLECTOR /proc/vmcore | ssh $_opt $_host "umask 0077 && dd bs=512 of=$_dir/vmcore-incomplete"
        _exitcode=$?
        _vmcore="vmcore.flat"
    fi
@ -218,7 +218,7 @@ save_vmcore_dmesg_ssh() {
    local _location=$4

    dinfo "saving vmcore-dmesg.txt to $_location:$_path"
-    $_dmesg_collector /proc/vmcore | ssh $_opts $_location "dd of=$_path/vmcore-dmesg-incomplete.txt"
+    $_dmesg_collector /proc/vmcore | ssh $_opts $_location "umask 0077 && dd of=$_path/vmcore-dmesg-incomplete.txt"
    _exitcode=$?

    if [ $_exitcode -eq 0 ]; then