From c962918bc70a61a8cc647898ee8b1ff1c14a87c5 Mon Sep 17 00:00:00 2001 From: Jakub Filak Date: Tue, 28 Apr 2015 12:49:38 +0200 Subject: [LIBREPORT PATCH] build: switch the default dump dir mode to 0640 The 0660 allows root escalations in ABRT. We don't really need to have the dump directories writable for the group as ABRT processes run under root. We introduced 0x1 for group with the switch to /var/tmp/abrt because we thought that we will have ABRT processes run under the user abrt, but there are no signs that we will ever pursue such a setup. Related: #1212861 Signed-off-by: Jakub Filak --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index df88240..8aea410 100644 --- a/configure.ac +++ b/configure.ac @@ -249,8 +249,8 @@ AC_PATH_PROG(AUGPARSE, augparse, no) AC_ARG_WITH([defaultdumpdirmode], AS_HELP_STRING([--with-defaultdumpdirmode=OCTAL-MODE], - [Default dump dir mode (default: 0660)]), - [], [with_defaultdumpdirmode="0660"]) + [Default dump dir mode (default: 0640)]), + [], [with_defaultdumpdirmode="0640"]) AC_SUBST([DEFAULT_DUMP_DIR_MODE], [$with_defaultdumpdirmode]) DUMP_DIR_OWNED_BY_USER=1 -- 1.8.3.1