summaryrefslogtreecommitdiffhomepage
path: root/CHANGES
diff options
context:
space:
mode:
authorAndrew Clayton <a.clayton@nginx.com>2023-02-23 12:01:14 +0000
committerAndrew Clayton <a.clayton@nginx.com>2023-02-24 15:48:15 +0000
commit5ed6eae7188f3da17c8805a26c9e3a6f2289329a (patch)
treebfb892156c634e3af5114251a8ac3f3687fb840b /CHANGES
parentffa86b6edcb4ac06825557f969fb657948d8c35e (diff)
downloadunit-5ed6eae7188f3da17c8805a26c9e3a6f2289329a.tar.gz
unit-5ed6eae7188f3da17c8805a26c9e3a6f2289329a.tar.bz2
Set a safer umask(2) when running as a daemon.
When running as a daemon. unit currently sets umask(0), i.e no umask. This is resulting in various directories being created with a mode of 0777, e.g rwxrwxrwx this is currently affecting cgroup and rootfs directories, which are being created with a mode of 0777, and when running as a daemon as there is no umask to restrict the permissions. This also affects the language modules (the umask is inherited over fork(2)) whereby unless something explicitly sets a umask, files and directories will be created with full permissions, 0666 (rw-rw-rw-)/ 0777 (rwxrwxrwx) respectively. This could be an unwitting security issue. My original idea was to just remove the umask(0) call and thus inherit the umask from the executing shell/program. However there was some concern about just inheriting whatever umask was in effect. Alex suggested that rather than simply removing the umask(0) call we change it to a value of 022 (which is a common default), which will result in directories and files with permissions at most of 0755 (rwxr-xr-x) & 0644 (rw-r--r--). If applications need some other umask set, they can (as they always have been able to) set their own umask(2). Suggested-by: Alejandro Colomar <alx.manpages@gmail.com> Reviewed-by: Liam Crilly <liam@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
Diffstat (limited to 'CHANGES')
0 files changed, 0 insertions, 0 deletions