
Re: Bug#832908: mongodb: CVE-2016-6494: world-readable .dbshell history file: LTS update and upgrade handling

Hi Chris

The reason I do not simply set the umask to a fixed value is to use the same principle as upstream. That is, honor the umask set by the user. There may be reasons why group read and/or write should be set, for example.

I agree with upstream that the umask should be honored, but not as strictly as upstream do. This is why I just override the "world readable" part and let the rest be controlled by the user.

In the working patch you can see that I also set back the umask (just a little further down in the file) as it was to just change this specific case of logging.

More clear now?

Best regards

// Ola

On Tue, Aug 2, 2016 at 7:14 PM, Chris Lamb <lamby@debian.org> wrote:
> Here is the working patch (attached).

Out of interest, why:

+    mode_t prev_mask = umask(0022);
+    // Make sure this file is not readable by others
+    umask(prev_mask | S_IROTH | S_IWOTH | S_IXOTH);
     FILE *fp = fopen(filename,"w");
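Review bot: the first call, umask(0022), is there only to read the current mask, but it also sets the process mask to 0022 until the second call, and no restore is visible in these lines, so everything after fopen() keeps running with the widened mask. umask is process-wide, so a file created by another thread in that window gets the wrong mode. Suggest calling umask(prev_mask) directly after the fopen() line, before fp is checked, or dropping umask altogether in favour of open() with an explicit mode followed by fdopen(). The comment says "not readable" while the mask also removes write and execute for others; worth making the two agree.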

.. over, say:

+    // Make sure this file is not readable by others
+    mode_t prev_mask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
     FILE *fp = fopen(filename,"w");
+    umask(prev_mask);
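Review bot: umask() only applies when fopen() creates the file, so with mode "w" a history file that already exists and is world-readable is truncated but keeps its old permissions. Suggest an fchmod(fileno(fp), S_IRUSR|S_IWUSR) after a successful fopen() so that upgraded installs are covered as well. S_IXUSR in the mask has no effect, because fopen() requests at most 0666, and the fixed mask drops any group access the user's own umask allowed, which deserves a mention in the comment.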

We don't really want to change the umask for the entire process.
Or at least, we don't know the ramifications of that so better to
keep it isolated to just this bit?


     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
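
An added example, not part of the thread or of the attached patch: one way to get the behaviour discussed above (group bits follow the user's umask, "other" bits are never left set) without changing the process umask, and covering a history file that already exists. The function names and the /tmp path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a history file for writing without touching the process umask. */
static FILE *open_private_history(const char *path)
{
    /* Ask for 0660: open() applies the umask, so group access stays user-controlled. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0660);
    if (fd < 0) return NULL;
    struct stat st;
    /* The umask is ignored for a file that already exists: strip "other" bits here. */
    if (fstat(fd, &st) != 0 ||
        ((st.st_mode & S_IRWXO) && fchmod(fd, st.st_mode & 07770) != 0)) {
        close(fd);
        return NULL;
    }
    FILE *fp = fdopen(fd, "w");
    if (!fp) close(fd);
    return fp;
}

/* Demo harness (constructed): pre_mode >= 0 means the file already exists with that mode. */
static int resulting_mode(mode_t mask, int pre_mode)
{
    char path[] = "/tmp/dbshell_demo_XXXXXX";   /* constructed sample path */
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int bad = pre_mode >= 0 ? fchmod(fd, (mode_t)pre_mode) : unlink(path);
    close(fd);
    if (bad) return -1;
    mode_t prev = umask(mask);   /* only the harness changes umask, the helper never does */
    FILE *fp = open_private_history(path);
    umask(prev);
    int mode = (fp && fstat(fileno(fp), &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    if (fp) fclose(fp);
    unlink(path);
    return mode;                 /* final permission bits, or -1 on error */
}

int main(void)
{
    printf("new file, umask 022: %04o\n", (unsigned)resulting_mode(0022, -1));
    printf("old 0644, umask 022: %04o\n", (unsigned)resulting_mode(0022, 0644));
}
```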
