Re: [PATCH] open-iscsi:Modify iSCSI shared memory permissions for logs
On 2020/4/20 1:39, The Lee-Man wrote:
On Friday, April 17, 2020 at 2:08:57 AM UTC-7, Wu Bo wrote:
Hi,
Iscsid log damon is responsible for reading data from shared memory
and writing syslog. Iscsid is the root user group.
Currently, it is not seen that non-root users need to read logs.
The principle of minimizing the use of permissions, all the permissions
are changed from 644 to 600.
Signed-off-by: Wu Bo ...
---
usr/log.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/usr/log.c b/usr/log.c
index 6e16e7c..2fc1850 100644
--- a/usr/log.c
+++ b/usr/log.c
@@ -73,7 +73,7 @@ static int logarea_init (int size)
logdbg(stderr,"enter logarea_init\n");
if ((shmid = shmget(IPC_PRIVATE, sizeof(struct logarea),
- 0644 | IPC_CREAT | IPC_EXCL)) == -1) {
+ 0600 | IPC_CREAT | IPC_EXCL)) == -1) {
syslog(LOG_ERR, "shmget logarea failed %d", errno);
return 1;
}
@@ -93,7 +93,7 @@ static int logarea_init (int size)
size = DEFAULT_AREA_SIZE;
if ((shmid = shmget(IPC_PRIVATE, size,
- 0644 | IPC_CREAT | IPC_EXCL)) == -1) {
+ 0600 | IPC_CREAT | IPC_EXCL)) == -1) {
syslog(LOG_ERR, "shmget msg failed %d", errno);
free_logarea();
return 1;
@@ -114,7 +114,7 @@ static int logarea_init (int size)
la->tail = la->start;
if ((shmid = shmget(IPC_PRIVATE, MAX_MSG_SIZE + sizeof(struct
logmsg),
- 0644 | IPC_CREAT | IPC_EXCL)) == -1) {
+ 0600 | IPC_CREAT | IPC_EXCL)) == -1) {
syslog(LOG_ERR, "shmget logmsg failed %d", errno);
free_logarea();
return 1;
--
1.8.3.1
This looks good to me. Any chance you can make this a pull request for
open-iscsi/open-iscsi on github?
--
OK, I will submit a pull request for open-iscsi/open-iscsi on github.
Thanks
Wu Bo
--
You received this message because you are subscribed to the Google Groups
"open-iscsi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to open-iscsi+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/open-iscsi/a2345d15-4c7d-4e02-5ee0-db6363c0a1ab%40huawei.com.
Re: [PATCH] open-iscsi:Modify iSCSI shared memory permissions for logs
On Friday, April 17, 2020 at 2:08:57 AM UTC-7, Wu Bo wrote:
>
> Hi,
>
> Iscsid log damon is responsible for reading data from shared memory
> and writing syslog. Iscsid is the root user group.
> Currently, it is not seen that non-root users need to read logs.
> The principle of minimizing the use of permissions, all the permissions
> are changed from 644 to 600.
>
> Signed-off-by: Wu Bo ...
> ---
> usr/log.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/usr/log.c b/usr/log.c
> index 6e16e7c..2fc1850 100644
> --- a/usr/log.c
> +++ b/usr/log.c
> @@ -73,7 +73,7 @@ static int logarea_init (int size)
> logdbg(stderr,"enter logarea_init\n");
>
> if ((shmid = shmget(IPC_PRIVATE, sizeof(struct logarea),
> - 0644 | IPC_CREAT | IPC_EXCL)) == -1) {
> + 0600 | IPC_CREAT | IPC_EXCL)) == -1) {
> syslog(LOG_ERR, "shmget logarea failed %d", errno);
> return 1;
> }
> @@ -93,7 +93,7 @@ static int logarea_init (int size)
> size = DEFAULT_AREA_SIZE;
>
> if ((shmid = shmget(IPC_PRIVATE, size,
> - 0644 | IPC_CREAT | IPC_EXCL)) == -1) {
> + 0600 | IPC_CREAT | IPC_EXCL)) == -1) {
> syslog(LOG_ERR, "shmget msg failed %d", errno);
> free_logarea();
> return 1;
> @@ -114,7 +114,7 @@ static int logarea_init (int size)
> la->tail = la->start;
>
> if ((shmid = shmget(IPC_PRIVATE, MAX_MSG_SIZE + sizeof(struct
> logmsg),
> - 0644 | IPC_CREAT | IPC_EXCL)) == -1) {
> + 0600 | IPC_CREAT | IPC_EXCL)) == -1) {
> syslog(LOG_ERR, "shmget logmsg failed %d", errno);
> free_logarea();
> return 1;
> --
> 1.8.3.1
>
>
This looks good to me. Any chance you can make this a pull request for
open-iscsi/open-iscsi on github?
--
You received this message because you are subscribed to the Google Groups
"open-iscsi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to open-iscsi+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/open-iscsi/c4ca6d31-2fe4-4f7f-a822-8b951f8807a5%40googlegroups.com.
