From d209bb27b423cbadf9e04f2cf57e6c44d0834a7f Mon Sep 17 00:00:00 2001
From: Milan Broz
Date: Thu, 9 Mar 2023 16:55:46 +0100
Subject: [PATCH] User more restrictive attributes for device file lock.
---
 lib/utils_device_locking.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/utils_device_locking.c b/lib/utils_device_locking.c
index e18ea773..f66e95e2 100644
--- a/lib/utils_device_locking.c
+++ b/lib/utils_device_locking.c
@@ -134,7 +134,7 @@ static int open_resource(struct crypt_device *cd, const char *res)
 return -EINVAL;
 log_dbg(cd, "Opening lock resource file %s/%s", DEFAULT_LUKS2_LOCK_PATH, res);
- r = openat(lockdir_fd, res, O_CREAT | O_NOFOLLOW | O_RDWR | O_CLOEXEC, 0777);
+ r = openat(lockdir_fd, res, O_CREAT|O_NOFOLLOW|O_RDWR|O_CLOEXEC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
 err = errno;
 close(lockdir_fd);
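Review bot: The new mode on the `openat()` line still grants read access to group and others (`S_IRGRP|S_IROTH`), and nothing in the hunk shows a reader other than the owner. If the lock is taken with `flock()` elsewhere in this file (not visible here), read access is all another local account needs to open the file and contend for the lock, so protection would rest entirely on the permissions of the `DEFAULT_LUKS2_LOCK_PATH` directory. Unless another user must read the file, owner-only is tighter: `r = openat(lockdir_fd, res, O_CREAT|O_NOFOLLOW|O_RDWR|O_CLOEXEC, S_IRUSR|S_IWUSR);`. The mode argument is applied only when the file is created and is filtered by the umask, so a lock file left by the older code keeps its 0777-derived permissions until it is removed; a short comment saying so would help. The body of `open_resource()` starts and ends outside the hunk.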