
Re: Bug#832908: mongodb: CVE-2016-6494: world-readable .dbshell history file: LTS update and upgrade handling



Hi Chris

The reason I do not simply set the umask to a fixed value is to use the same principle as upstream. That is, honor the umask set by the user. There may be reasons why group read and/or write should be set, for example.

I agree with upstream that the umask should be honored, but not as strictly as upstream do. This is why I just override the "world readable" part and let the rest be controlled by the user.

In the working patch you can see that I also set back the umask (just a little further down in the file) as it was to just change this specific case of logging.

More clear now?

Best regards

// Ola

On Tue, Aug 2, 2016 at 7:14 PM, Chris Lamb <lamby@debian.org> wrote:
> Here is the working patch (attached).

Out of interest, why:

+    mode_t prev_mask = umask(0022);
+    // Make sure this file is not readable by others
+    umask(prev_mask | S_IROTH | S_IWOTH | S_IXOTH);
     FILE *fp = fopen(filename,"w");
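
Review bot: the first call, umask(0022), is there only to read the current mask, but it also replaces it, and nothing in these lines puts prev_mask back after the fopen. Add umask(prev_mask); directly after the fopen call so that no early return can leave the process with the tightened mask, and pass 0077 rather than 0022 to the first call so the mask in force between the two umask calls already excludes others.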

.. over, say:

+    // Make sure this file is not readable by others
+    mode_t prev_mask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
     FILE *fp = fopen(filename,"w");
+    umask(prev_mask);
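
Review bot: the mask set by umask(S_IXUSR|S_IRWXG|S_IRWXO) only takes effect when fopen creates the file; with mode "w" an existing file is truncated and keeps its current permissions, so a history file that is already world-readable stays that way. Consider an fchmod(fileno(fp), ...) after a successful fopen, or a chmod of the existing file at upgrade time. S_IXUSR is also redundant here, since fopen never requests execute bits.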

We don't really want to change the umask for the entire process.
Or at least, we don't know the ramifications of that so better to
keep it isolated to just this bit?


Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-



--
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

