From 7104a2b149f0a870ec36ddff90b5f6a22c0d398d Mon Sep 17 00:00:00 2001
From: Etienne CHAMPETIER
Date: Thu, 16 Jun 2016 08:09:15 +0000
Subject: [PATCH] make /var/{run, lock, state} not world writable (0755) since commit be950c5e56b86509e1e237931d0ac8203372be82 (09/03/2013) /var/{run,lock,state} are world writable (0777) which is a security issue before that they were created by /etc/init.d/boot with normal permissions (0755), so revert to that state
Signed-off-by: Etienne CHAMPETIER
---
 initd/early.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/initd/early.c b/initd/early.c
index accfc1d..bf519f6 100644
--- a/initd/early.c
+++ b/initd/early.c
@@ -73,9 +73,9 @@ early_mounts(void)
 mount("tmpfs", "/tmp/shm", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOATIME, "mode=01777");
 }
- mkdir("/tmp/run", 0777);
- mkdir("/tmp/lock", 0777);
- mkdir("/tmp/state", 0777);
+ mkdir("/tmp/run", 0755);
+ mkdir("/tmp/lock", 0755);
+ mkdir("/tmp/state", 0755);
 umask(oldumask);
 }
--
2.25.1
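Review bot: The three `mkdir()` calls for `/tmp/run`, `/tmp/lock` and `/tmp/state` still discard their return value, so the tightened mode is only guaranteed when the directories are newly created; on `EEXIST` an existing directory keeps whatever mode it already had, and nothing is logged. The effective mode also depends on the umask set earlier in early_mounts(), which begins outside this hunk; the trailing `umask(oldumask);` suggests it was cleared, but that should be confirmed. With 0755, daemons that drop privileges can presumably no longer create pid or lock files directly in these directories, so a comment above the calls would help, for example `/* root-owned, not world-writable: unprivileged services need a subdirectory created for them */`. If failures should be visible, each call could be checked with `if (mkdir("/tmp/run", 0755) && errno != EEXIST)` followed by a log line, assuming `errno.h` is available in this file.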