Set a safer umask(2) when running as a daemon.
When running as a daemon. unit currently sets umask(0), i.e no umask. This is resulting in various directories being created with a mode of 0777, e.g rwxrwxrwx this is currently affecting cgroup and rootfs directories, which are being created with a mode of 0777, and when running as a daemon as there is no umask to restrict the permissions. This also affects the language modules (the umask is inherited over fork(2)) whereby unless something explicitly sets a umask, files and directories will be created with full permissions, 0666 (rw-rw-rw-)/ 0777 (rwxrwxrwx) respectively. This could be an unwitting security issue. My original idea was to just remove the umask(0) call and thus inherit the umask from the executing shell/program. However there was some concern about just inheriting whatever umask was in effect. Alex suggested that rather than simply removing the umask(0) call we change it to a value of 022 (which is a common default), which will result in directories and files with permissions at most of 0755 (rwxr-xr-x) & 0644 (rw-r--r--). If applications need some other umask set, they can (as they always have been able to) set their own umask(2). Suggested-by: Alejandro Colomar <alx.manpages@gmail.com> Reviewed-by: Liam Crilly <liam@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
This commit is contained in:
Andrew Clayton
@@ -1156,10 +1156,10 @@ nxt_process_daemon(nxt_task_t *task)
|
||||
}
|
||||
|
||||
/*
|
||||
* Reset file mode creation mask: any access
|
||||
* rights can be set on file creation.
|
||||
* Set a sefe umask to give at most 755/644 permissions on
|
||||
* directories/files.
|
||||
*/
|
||||
umask(0);
|
||||
umask(0022);
|
||||
|
||||
/* Redirect STDIN and STDOUT to the "/dev/null". */
|
||||
|
||||
|
||||
Reference in New Issue
Block a user