open-iscsi/0014-modify-iSCSI-shared-memory-permissions-for-logs.patch

From 3948dec9e2bd50ee3eec9e2288635362eddce171 Mon Sep 17 00:00:00 2001
From: Wu Bo <wubo40@huawei.com>
Date: Tue, 12 May 2020 16:07:43 +0800
Subject: [PATCH] modify iSCSI shared memory permissions for logs

iscsid log damon is responsible for reading data from shared memory
and writing syslog. iscsid is the root group. Currently, it is not 
seen that non-root users need to read logs. The priciple of minimizing
the use of permisssions, all the permissions are changed from 644 to 600.

Signed-off-by: Wu Bo <wubo40@huawei.com>
---
 usr/log.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/usr/log.c b/usr/log.c
index b5c1bdd..2f60bf2 100644
--- a/usr/log.c
+++ b/usr/log.c
@@ -80,7 +80,7 @@ static int logarea_init (int size)
 	logdbg(stderr,"enter logarea_init\n");
 
 	if ((shmid = shmget(IPC_PRIVATE, sizeof(struct logarea),
-			    0644 | IPC_CREAT | IPC_EXCL)) == -1) {
+			    0600 | IPC_CREAT | IPC_EXCL)) == -1) {
 		syslog(LOG_ERR, "shmget logarea failed %d", errno);
 		return 1;
 	}
@@ -100,7 +100,7 @@ static int logarea_init (int size)
 		size = DEFAULT_AREA_SIZE;
 
 	if ((shmid = shmget(IPC_PRIVATE, size,
-			    0644 | IPC_CREAT | IPC_EXCL)) == -1) {
+			    0600 | IPC_CREAT | IPC_EXCL)) == -1) {
 		syslog(LOG_ERR, "shmget msg failed %d", errno);
 		free_logarea();
 		return 1;
@@ -121,7 +121,7 @@ static int logarea_init (int size)
 	la->tail = la->start;
 
 	if ((shmid = shmget(IPC_PRIVATE, MAX_MSG_SIZE + sizeof(struct logmsg),
-			    0644 | IPC_CREAT | IPC_EXCL)) == -1) {
+			    0600 | IPC_CREAT | IPC_EXCL)) == -1) {
 		syslog(LOG_ERR, "shmget logmsg failed %d", errno);
 		free_logarea();
 		return 1;
-- 
1.8.3.1
backport bugfix for open-iscsi 2020-05-12 17:27:41 +08:00			`From 3948dec9e2bd50ee3eec9e2288635362eddce171 Mon Sep 17 00:00:00 2001`
			`From: Wu Bo <wubo40@huawei.com>`
			`Date: Tue, 12 May 2020 16:07:43 +0800`
			`Subject: [PATCH] modify iSCSI shared memory permissions for logs`

			`iscsid log damon is responsible for reading data from shared memory`
			`and writing syslog. iscsid is the root group. Currently, it is not`
			`seen that non-root users need to read logs. The priciple of minimizing`
			`the use of permisssions, all the permissions are changed from 644 to 600.`

			`Signed-off-by: Wu Bo <wubo40@huawei.com>`
			`---`
			`usr/log.c \| 6 +++---`
			`1 file changed, 3 insertions(+), 3 deletions(-)`

			`diff --git a/usr/log.c b/usr/log.c`
			`index b5c1bdd..2f60bf2 100644`
			`--- a/usr/log.c`
			`+++ b/usr/log.c`
			`@@ -80,7 +80,7 @@ static int logarea_init (int size)`
			`logdbg(stderr,"enter logarea_init\n");`

			`if ((shmid = shmget(IPC_PRIVATE, sizeof(struct logarea),`
			`- 0644 \| IPC_CREAT \| IPC_EXCL)) == -1) {`
			`+ 0600 \| IPC_CREAT \| IPC_EXCL)) == -1) {`
			`syslog(LOG_ERR, "shmget logarea failed %d", errno);`
			`return 1;`
			`}`
			`@@ -100,7 +100,7 @@ static int logarea_init (int size)`
			`size = DEFAULT_AREA_SIZE;`

			`if ((shmid = shmget(IPC_PRIVATE, size,`
			`- 0644 \| IPC_CREAT \| IPC_EXCL)) == -1) {`
			`+ 0600 \| IPC_CREAT \| IPC_EXCL)) == -1) {`
			`syslog(LOG_ERR, "shmget msg failed %d", errno);`
			`free_logarea();`
			`return 1;`
			`@@ -121,7 +121,7 @@ static int logarea_init (int size)`
			`la->tail = la->start;`

			`if ((shmid = shmget(IPC_PRIVATE, MAX_MSG_SIZE + sizeof(struct logmsg),`
			`- 0644 \| IPC_CREAT \| IPC_EXCL)) == -1) {`
			`+ 0600 \| IPC_CREAT \| IPC_EXCL)) == -1) {`
			`syslog(LOG_ERR, "shmget logmsg failed %d", errno);`
			`free_logarea();`
			`return 1;`
			`--`
			`1.8.3.1`