diff options
| author | Andrew Clayton <a.clayton@nginx.com> | 2023-02-23 12:01:14 +0000 |
|---|---|---|
| committer | Andrew Clayton <a.clayton@nginx.com> | 2023-02-23 12:01:14 +0000 |
| commit | 29471c8d32a640d6e2e460f65d5a319c60043733 (patch) | |
| tree | 6a928f56075564ffb4686280acbdd416635b9e47 /pkg/contrib/src/njs/version | |
| parent | 5c9113ddac6eb42efac7f0c77b2f374853ba7d8c (diff) | |
| download | unit-29471c8d32a640d6e2e460f65d5a319c60043733.tar.gz unit-29471c8d32a640d6e2e460f65d5a319c60043733.tar.bz2 | |
Set a safer umask(2) when running as a daemon.
When running as a daemon. unit currently sets umask(0), i.e no umask.
This is resulting in various directories being created with a mode of
0777, e.g
rwxrwxrwx
this is currently affecting cgroup and rootfs directories, which are
being created with a mode of 0777, and when running as a daemon as there
is no umask to restrict the permissions.
This also affects the language modules (the umask is inherited over
fork(2)) whereby unless something explicitly sets a umask, files and
directories will be created with full permissions, 0666 (rw-rw-rw-)/
0777 (rwxrwxrwx) respectively.
This could be an unwitting security issue.
My original idea was to just remove the umask(0) call and thus inherit
the umask from the executing shell/program.
However there was some concern about just inheriting whatever umask was
in effect.
Alex suggested that rather than simply removing the umask(0) call we
change it to a value of 022 (which is a common default), which will
result in directories and files with permissions at most of 0755
(rwxr-xr-x) & 0644 (rw-r--r--).
If applications need some other umask set, they can (as they always have
been able to) set their own umask(2).
Suggested-by: Alejandro Colomar <alx.manpages@gmail.com>
Reviewed-by: Liam Crilly <liam@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
Diffstat (limited to 'pkg/contrib/src/njs/version')
0 files changed, 0 insertions, 0 deletions