[lxc-devel] [PATCH] lxc-monitord.log should not be created with mode 0666

Robert Vogelgesang vogel at users.sourceforge.net
Tue Jan 28 15:38:46 UTC 2014


Hi,

On Tue, Jan 28, 2014 at 10:22:36AM -0500, Dwight Engen wrote:
> On Tue, 28 Jan 2014 12:01:54 +0100
> Robert Vogelgesang <vogel at users.sourceforge.net> wrote:
> 
> > lxc_monitord_spawn() in src/lxc/monitor.c contained "umask(0);", and
> > because of this, lxc-monitord created lxc-monitord.log with mode 0666.
> > World-writeable log files are bad, so remove this umask(0).
> 
> I don't have a problem with this change per-se, but I think the reason
> the log is 0666 is because that is the mode passed in log.c:log_open().
> Did your change actually have the effect you were after?

yes, removing "umask(0);" fixed the mode for newly-created logs.

> 
> If we don't want logs world readable then I'd suggest we should change
> the mode log_open() so it takes effect for all lxc logs.

This is not neccessary, because the mode passed to open(2) is modified
by the current umask.  If you have a umask of 022, you don't get
files with mode 0666.

The ONLY reason for a zero umask would be if we want/need mode 0666 on
the unix socket files and named pipes.  If this should be the case, the
"umask(0);" should be moved to lxc_monitord_create() in lxc_monitord.c,
or to main() in lxc_monitord.c, just before calling lxc_monitord_create().

My (admittedly few) tests so far indicate that we don't need a zero umask.

	Robert

> 
> > Signed-off-by: Robert Vogelgesang <vogel at users.sourceforge.net>
> > 
> > diff -u lxc-lxc-1.0.0.beta3/src/lxc/monitor.c.orig
> > lxc-lxc-1.0.0.beta3/src/lxc/monitor.c ---
> > lxc-lxc-1.0.0.beta3/src/lxc/monitor.c.orig	2014-01-27
> > 14:52:20.000000000 +0100 +++
> > lxc-lxc-1.0.0.beta3/src/lxc/monitor.c	2014-01-28
> > 11:57:26.692102355 +0100 @@ -325,7 +325,6 @@ exit(EXIT_SUCCESS); }
> >  
> > -	umask(0);
> >  	if (setsid() < 0) {
> >  		SYSERROR("failed to setsid");
> >  		exit(EXIT_FAILURE);
> > _______________________________________________
> > lxc-devel mailing list
> > lxc-devel at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-devel


More information about the lxc-devel mailing list