Description
Current code does a bitwise AND with the supplied umask and decimal 022.
This will pass on 022 but fail on most other, proper umasks like 077.
This is still present in 1.0.14.
Patch to fix is here:
--- commons-daemon-1.0.13-src-ORIG/src/native/unix/native/jsvc-unix.c 2013-02-06 13:15:58.000000000 -0500 +++ commons-daemon-1.0.13-src/src/native/unix/native/jsvc-unix.c 2013-02-22 13:19:08.937906780 -0500 @@ -1230,13 +1230,13 @@ /* * umask() uses inverse logic; bits are CLEAR for allowed access. */ - if (~args->umask & 0022) { - log_error("NOTICE: jsvc umask of %03o allows " + if ((~(args->umask % 10) & 2) || (~(args->umask / 10) & 2)) { + log_error("NOTICE: jsvc umask of %04d allows " "write permission to group and/or other", args->umask); } envmask = umask(args->umask); set_output(args->outfile, args->errfile, args->redirectstdin, args->procname); - log_debug("Switching umask back to %03o from %03o", envmask, args->umask); + log_debug("Switching umask back to %04d from %04d", envmask, args->umask); res = run_controller(args, data, uid, gid); if (logger_pid != 0) { kill(logger_pid, SIGTERM);
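Review bot: the new condition and both format strings read args->umask as decimal digits, but the unchanged `envmask = umask(args->umask);` still passes that same integer to umask(), which takes permission bits, so a value the new test reads as 077 (decimal 77) would be applied as octal 0115. `envmask` is umask()'s return value, so it holds real mode bits, and `%04d` would print an environment mask of 022 as 0018. `args->umask / 10` also keeps the owner digit: 177 gives 17, and `~17 & 2` is non-zero, so the notice fires for a mask that blocks group write. Suggest converting the option to octal once where it is parsed (not visible in this hunk) and keeping `~args->umask & 0022` with `%03o` here.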
Issue Links
- is related to: DAEMON-307 -umask input values and correlating output pid file permissions (Closed)
- relates to: DAEMON-307 -umask input values and correlating output pid file permissions (Closed)
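The behaviour in the description (022 passes, 077 triggers the notice) is what the unchanged `~mask & 0022` test produces if the -umask digits reach it as a base-10 number; that is an assumption, since the parsing code is not on this page. An added example, not commons-daemon code, comparing the two readings of the same digits (`parse_umask` and the sample strings are constructed for illustration):

```c
#include <stdio.h>
#include <stdlib.h>

/* The test from the patch's removed line: non-zero means the mask leaves
 * write permission enabled for group and/or other. */
static int allows_group_other_write(unsigned int mask)
{
    return (~mask & 0022) != 0;
}

/* Hypothetical helper: convert a -umask style argument in the given base.
 * Returns -1 for malformed input or a value outside 0..0777. */
static long parse_umask(const char *text, int base)
{
    char *end = NULL;
    long value = strtol(text, &end, base);

    if (end == text || *end != '\0')
        return -1;              /* empty, or trailing non-digit (e.g. '8' in octal) */
    if (value < 0 || value > 0777)
        return -1;
    return value;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *samples[] = { "022", "077", "066", "002" };
    size_t i;

    printf("%-6s %-18s %-18s\n", "arg", "read as octal", "read as decimal");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long oct = parse_umask(samples[i], 8);
        long dec = parse_umask(samples[i], 10);

        /* Show the resulting bits in octal for both readings. */
        printf("%-6s %04lo %-13s %04lo %-13s\n", samples[i],
               (unsigned long)oct,
               allows_group_other_write((unsigned int)oct) ? "NOTICE" : "ok",
               (unsigned long)dec,
               allows_group_other_write((unsigned int)dec) ? "NOTICE" : "ok");
    }
    return 0;
}
```

Read as octal, only 002 raises the notice; read as decimal, 077 and 066 raise it as well, because the integers 77 and 66 do not have both the 020 and 002 bits set.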