From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 96ABC1FB05 for ; Fri, 18 Dec 2020 12:09:51 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH 08/26] lei: ensure we run a restrictive umask Date: Fri, 18 Dec 2020 12:09:32 +0000 Message-Id: <20201218120950.23272-9-e@80x24.org> In-Reply-To: <20201218120950.23272-1-e@80x24.org> References: <20201218120950.23272-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: While we configure the LeiStore git repos and DBs to have a restrictive umask, lei may also write to Maildirs/mboxes/etc. We will follow mutt behavior when saving files/messages to the FS. We only want to create files which are only readable by the local user since this is intended for private mail and could be used on shared systems. We may allow passing the umask on a per-command-basis, but it's probably not worth the effort to support. --- lib/PublicInbox/LeiDaemon.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/PublicInbox/LeiDaemon.pm b/lib/PublicInbox/LeiDaemon.pm index 010c1cba..1f170f1d 100644 --- a/lib/PublicInbox/LeiDaemon.pm +++ b/lib/PublicInbox/LeiDaemon.pm @@ -538,12 +538,11 @@ sub lazy_start { die "connect($path): $!"; } require IO::FDPass; - my $umask = umask(077) // die("umask(077): $!"); + umask(077) // die("umask(077): $!"); my $l = IO::Socket::UNIX->new(Local => $path, Listen => 1024, Type => SOCK_STREAM) or $err = $!; - umask($umask) or die("umask(restore): $!"); $l or return die "bind($path): $err"; my @st = stat($path) or die "stat($path): $!"; my $dev_ino_expect = pack('dd', $st[0], $st[1]); # dev+ino @@ -638,6 +637,7 @@ sub oneshot { my $exit = $main_pkg->can('exit'); # caller may override exit() local $quit = $exit if $exit; local %PATH2CFG; + umask(077) // die("umask(077): $!"); dispatch({ 0 => *STDIN{IO}, 1 => *STDOUT{IO},