github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request from GHSA-c2h3-6mxw-7mvq

Browse Source 
v1 & v2 runtimes: reduce permissions for bundle dir
This commit is contained in:
Derek McGowan
2021-10-04 08:24:47 -07:00
committed by GitHub
parent 64291df71b 7c621e1fcc
commit 3f00006f72
8 changed files with 476 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
runtime/v2/bundle.go
View File

@@ -71,7 +71,10 @@ func NewBundle(ctx context.Context, root, state, id string, spec []byte) (b *Bun
if err := os.MkdirAll(filepath.Dir(b.Path), 0711); err != nil {
return nil, err
}
if err := os.Mkdir(b.Path, 0711); err != nil {
if err := os.Mkdir(b.Path, 0700); err != nil {
return nil, err
}
if err := prepareBundleDirectoryPermissions(b.Path, spec); err != nil {
return nil, err
}
paths = append(paths, b.Path)