Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 118b9886f938750258673603204d9d28f0a3d3ca
commit118b9886f938750258673603204d9d28f0a3d3ca[log] [tgz]
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>Wed Apr 10 10:38:28 2024 +0200
committerSimon Glass <sjg@chromium.org>Wed Jul 03 07:36:32 2024 +0100
tree4aed92f329fbdedb7f30c7e07ad335d825a9cbf6
parent1f47e4e198c4c40458eeb357d07ef17d4245c23e [diff]
sandbox: use sane access rights for files

When writing an executable, allowing other users to modify it introduces
a security issue.

Generally we should avoid giving other users write access to our files by
default.

Replace chmod(777) by chmod(755) and chmod(644).

Fixes: 47f5fcfb4169 ("sandbox: Add os_jump_to_image() to run another executable")
Fixes: d9165153caea ("sandbox: add flags for open() call")
Fixes: 5c2859cdc302 ("sandbox: Allow reading/writing of RAM buffer")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
1 file changed
tree: 4aed92f329fbdedb7f30c7e07ad335d825a9cbf6
  1. .github/
  2. api/
  3. arch/
  4. board/
  5. boot/
  6. cmd/
  7. common/
  8. configs/
  9. disk/
  10. doc/
  11. drivers/
  12. dts/
  13. env/
  14. examples/
  15. fs/
  16. include/
  17. lib/
  18. Licenses/
  19. net/
  20. post/
  21. scripts/
  22. test/
  23. tools/
  24. .azure-pipelines.yml
  25. .checkpatch.conf
  26. .get_maintainer.conf
  27. .get_maintainer.ignore
  28. .gitattributes
  29. .gitignore
  30. .gitlab-ci.yml
  31. .mailmap
  32. .readthedocs.yml
  33. config.mk
  34. Kbuild
  35. Kconfig
  36. MAINTAINERS
  37. Makefile
  38. README