9fb2e54a9b
Currently fcoemon creates a world and group writable PID file which could be locally exploited. This patch sets umask to 177 before the PID file creation.
From 964c51aee4a5007cffed59b40aab5dc2c1861f00 Mon Sep 17 00:00:00 2001
From: Petr Sabata <psabata@redhat.com>
Date: Mon, 2 May 2011 20:30:51 +0000
Subject: [PATCH] fcoemon: Do not create a world and group writable PID file
Currently fcoemon creates a world and group writable PID file which could be
locally exploited. This patch sets umask to 177 before the PID file creation.
Signed-off-by: Petr Sabata <psabata@redhat.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
---
fcoemon.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/fcoemon.c b/fcoemon.c
index f2f3b86..4ee18f3 100644
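--- a/fcoemon.c
+++ b/fcoemon.c
@@ -2320,6 +2320,7 @@ static void fcm_pidfile_create(void)
 }
 fclose(fp);
 }
+umask(~(S_IRUSR | S_IWUSR));
 fp = fopen(fcm_pidfile, "w+");
 if (fp) {
 fprintf(fp, "%d\n", getpid());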
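Review bot: The added `umask(~(S_IRUSR | S_IWUSR))` only takes effect when `fopen(fcm_pidfile, "w+")` creates the PID file; a file that already exists (for example one left group- and world-writable by an earlier fcoemon) is truncated and keeps its old mode. Setting the mode on the open stream closes that gap: `fchmod(fileno(fp), S_IRUSR | S_IWUSR);` as the first statement inside `if (fp) {`. The call also discards the previous mask, so the 0177 mask stays in force for everything the daemon creates afterwards; saving it with `mode_t old = umask(...)` and calling `umask(old);` once the file is written would keep the change local to this function. fcm_pidfile_create begins and ends outside the hunk, so whether an existing file is removed earlier cannot be seen here.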
--
1.7.4.4