From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 13 Jul 2022 21:47:31 +0000 (+0200)
Subject: base-filesystem: pick more conservative access mode for /root/
X-Git-Tag: v252-rc1~650
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=93cbc9ca12043a13a2a80087a00012e009216f13;p=thirdparty%2Fsystemd.git

base-filesystem: pick more conservative access mode for /root/

Let's not allow anyone to look into /root/ if we create it via the
base-filesystem logic. i.e. change 0755 → 0750 as default access mode
for /root/, in case we create it if it happens to be missing.
---

diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
index 6dacc1d20ae..cd8ea493199 100644
--- a/src/shared/base-filesystem.c
+++ b/src/shared/base-filesystem.c
@@ -31,7 +31,7 @@ typedef struct BaseFilesystem {
 static const BaseFilesystem table[] = {
         { "bin",      0, "usr/bin\0",                  NULL },
         { "lib",      0, "usr/lib\0",                  NULL },
-        { "root",  0755, NULL,                         NULL, true },
+        { "root",  0750, NULL,                         NULL, true },
         { "sbin",     0, "usr/sbin\0",                 NULL },
         { "usr",   0755, NULL,                         NULL },
         { "var",   0755, NULL,                         NULL },