mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-22 09:57:41 +00:00
Code Issues Releases Wiki Activity

Merge branch '4037-interprocesssyncfile-do_lock-temporarily-changes-process-umask-to-0111-possible-security' into 'master'

Browse Source 
Draft: Resolve "`InterprocessSyncFile::do_lock()` temporarily changes process umask to `0111`, possible security implications"

Closes #4037

See merge request isc-projects/kea!2745
This commit is contained in:
Francis Dupont 2025-08-20 19:01:13 +00:00
commit 23ff3a5adf
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/lib/log/interprocess/interprocess_sync_file.cc
View File

@ -54,10 +54,14 @@ InterprocessSyncFile::do_lock(int cmd, short l_type) {
// Open the lockfile in the constructor so it doesn't do the access
// checks every time a message is logged.
const mode_t mode = umask(S_IXUSR | S_IXGRP | S_IXOTH); // 0111
fd_ = open(lockfile_path.c_str(), O_CREAT | O_RDWR,
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); // 0660
umask(mode);
if (fd_ != -1) {
if (fchmod(fd_, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) != 0) {
close(fd_);
fd_ = -1;
}
}
if (fd_ == -1) {
std::stringstream tmp;