mdmon: ensure Unix domain socket is created with safe permissions.

In the unlikely case that mdmon is started with an overly permissive umask, we don't want to risk giving away world acccess. All other "mkdir" and "O_CREAT" calls in mdmon and mdadm set a suitably restrictive permission mask. 'bind' don't take an explicit mask so it needs an implicit one. Reported-by: Vincent Berg <vberg@ioactive.com> Signed-off-by: NeilBrown <neilb@suse.de>
author: NeilBrown <neilb@suse.de> 2014-07-03 09:06:45 +0200
committer: NeilBrown <neilb@suse.de> 2014-07-03 09:06:45 +0200
commit: 120ec6f7b96455e42bdfa9131c0c9026c57eaf19 (patch)
tree: 8b646a8b0fab67bcce27dc9047e250fb44390cde /mdmon.c
parent: md.4: Make tables narrow enough to fit. (diff)
download: mdadm-120ec6f7b96455e42bdfa9131c0c9026c57eaf19.tar.xz
mdadm-120ec6f7b96455e42bdfa9131c0c9026c57eaf19.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/mdmon.c b/mdmon.c
index b84d4d95..21221cd6 100644
--- a/mdmon.c
+++ b/mdmon.c
@@ -232,6 +232,7 @@ static int make_control_sock(char *devname)
 
 	addr.sun_family = PF_LOCAL;
 	strcpy(addr.sun_path, path);
+	umask(077); /* ensure no world write access */
 	if (bind(sfd, &addr, sizeof(addr)) < 0) {
 		close(sfd);
 		return -1;
author	NeilBrown <neilb@suse.de>	2014-07-03 09:06:45 +0200
committer	NeilBrown <neilb@suse.de>	2014-07-03 09:06:45 +0200
commit	120ec6f7b96455e42bdfa9131c0c9026c57eaf19 (patch)
tree	8b646a8b0fab67bcce27dc9047e250fb44390cde /mdmon.c
parent	md.4: Make tables narrow enough to fit. (diff)
download	mdadm-120ec6f7b96455e42bdfa9131c0c9026c57eaf19.tar.xz mdadm-120ec6f7b96455e42bdfa9131c0c9026c57eaf19.zip