moby/daemon/graphdriver/overlay2
Jaroslav Jindrak cadb124ab6
daemon: overlay2: remove world writable permission from the lower file

In de2447c, the creation of the 'lower' file was changed from using
os.Create to using ioutils.AtomicWriteFile, which ignores the system's
umask. This means that even though the requested permission in the
source code was always 0666, it was 0644 on systems with default
umask of 0022 prior to de2447c, so the move to AtomicFile potentially
increased the file's permissions.

This is not a security issue because the parent directory does not
allow writes into the file, but it can confuse security scanners on
Linux-based systems into giving false positives.

Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
2024-03-05 14:25:50 +01:00
check.go daemon/graphdriver: format code with gofumpt 2023-06-29 00:31:34 +02:00
mount.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
overlay.go daemon: overlay2: remove world writable permission from the lower file 2024-03-05 14:25:50 +01:00
overlay_test.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
overlay_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00