* [PATCH 08/26] lei: ensure we run a restrictive umask
2020-12-18 12:09 3% [PATCH 00/26] lei: basic UI + IPC work Eric Wong
@ 2020-12-18 12:09 7% ` Eric Wong
0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2020-12-18 12:09 UTC (permalink / raw)
To: meta
While we configure the LeiStore git repos and DBs to have a
restrictive umask, lei may also write to Maildirs/mboxes/etc.
We will follow mutt behavior when saving files/messages to the FS.
We only want to create files which are only readable by the local
user since this is intended for private mail and could be used
on shared systems.
We may allow passing the umask on a per-command-basis, but it's
probably not worth the effort to support.
---
lib/PublicInbox/LeiDaemon.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/PublicInbox/LeiDaemon.pm b/lib/PublicInbox/LeiDaemon.pm
index 010c1cba..1f170f1d 100644
--- a/lib/PublicInbox/LeiDaemon.pm
+++ b/lib/PublicInbox/LeiDaemon.pm
@@ -538,12 +538,11 @@ sub lazy_start {
die "connect($path): $!";
}
require IO::FDPass;
- my $umask = umask(077) // die("umask(077): $!");
+ umask(077) // die("umask(077): $!");
my $l = IO::Socket::UNIX->new(Local => $path,
Listen => 1024,
Type => SOCK_STREAM) or
$err = $!;
- umask($umask) or die("umask(restore): $!");
$l or return die "bind($path): $err";
my @st = stat($path) or die "stat($path): $!";
my $dev_ino_expect = pack('dd', $st[0], $st[1]); # dev+ino
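Review bot: With the `umask($umask) or die("umask(restore): $!");` line removed, the `umask(077)` in lazy_start is no longer scoped to the IO::Socket::UNIX->new bind. It stays in effect for everything this process does afterwards and is inherited by anything it spawns. The call still sits directly above the socket creation, so it reads as socket-specific. Consider adding a short comment saying the mask is intentionally process-wide (the commit message gives the reason: Maildir/mbox writes), or moving the call to the top of lazy_start so its placement matches the intent. Keeping `//` rather than `or` is right, since a previous mask of 0 is a valid return value.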
@@ -638,6 +637,7 @@ sub oneshot {
my $exit = $main_pkg->can('exit'); # caller may override exit()
local $quit = $exit if $exit;
local %PATH2CFG;
+ umask(077) // die("umask(077): $!");
dispatch({
0 => *STDIN{IO},
1 => *STDOUT{IO},
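Review bot: The `umask(077)` added in oneshot is never restored, while the context line above notes that the "caller may override exit()". If an overriding exit returns instead of terminating, the calling process keeps mask 077 for any files it creates after dispatch. Consider saving the return value and restoring it once dispatch returns, or documenting that oneshot changes the process umask. The same call now appears in both lazy_start and oneshot, so a small shared helper would keep the two in sync.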
* [PATCH 00/26] lei: basic UI + IPC work
@ 2020-12-18 12:09 3% Eric Wong
2020-12-18 12:09 7% ` [PATCH 08/26] lei: ensure we run a restrictive umask Eric Wong
0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2020-12-18 12:09 UTC (permalink / raw)
To: meta
Some work on the storage side, but MiscIdx still needs work to
handle existing publicinboxes, extinboxes (over HTTP(S)), and
other config things.
PATCH 22/26 - bash completion sorta works, but filename
completions get broken. Not sure why and help would be
greatly appreciated (along with help for other shells).
I don't know bash-specific stuff well at all, even; and
less about other non-POSIX shells.
Somewhat nice UI things (at least to my delirious sleep-deprived
state):
* -$DIGIT option parsing works (e.g. "git log -10"),
"kill -9"
* help-based CLI arg/prototype checking seems working
and hopefully cuts down on long-term maintenance work
while promoting UI consistency
* having IO::FDPass hides startup time, 20-30ms isn't
really noticeable for humans on interactive terminals,
but still not ideal for loops.
* lei.sh + "make symlink-install"
And some internal improvements:
* several simplifications to existing Search code,
->xdb_shards_flat will come in handy
* generic OnDestroy - long overdue
Eric Wong (26):
lei: FD-passing and IPC basics
lei: proposed command-listing and options
lei_store: local storage for Local Email Interface
tests: more common JSON module loading
lei: use spawn (vfork + execve) for lazy start
lei: refine help/option parsing, implement "init"
t/lei-oneshot: standalone oneshot (non-socket) test
lei: ensure we run a restrictive umask
lei: support `daemon-env' for modifying long-lived env
lei_store: simplify git_epoch_max, slightly
search: simplify initialization, add ->xdb_shards_flat
rename LeiDaemon package to PublicInbox::LEI
lei: support pass-through for `lei config'
lei: help: show actual paths being operated on
lei: rename $client => $self and bless
lei: micro-optimize startup time
lei_store: relax GIT_COMMITTER_IDENT check
lei_store: keyword extraction from mbox and Maildir
on_destroy: generic localized END
lei: restore default __DIE__ handler for event loop
lei: drop $SIG{__DIE__}, add oneshot fallbacks
lei: start working on bash completion
build: add lei.sh + "make symlink-install" target
lei: support for -$DIGIT and -$SIG CLI switches
lei: revise output routines
lei: extinbox: start implementing in config file
MANIFEST | 11 +
Makefile.PL | 11 +
contrib/completion/lei-completion.bash | 11 +
lei.sh | 7 +
lib/PublicInbox/Daemon.pm | 6 +-
lib/PublicInbox/ExtSearch.pm | 10 +-
lib/PublicInbox/ExtSearchIdx.pm | 35 +-
lib/PublicInbox/Import.pm | 4 +
lib/PublicInbox/LEI.pm | 776 +++++++++++++++++++++++++
lib/PublicInbox/LeiExtinbox.pm | 52 ++
lib/PublicInbox/LeiSearch.pm | 39 ++
lib/PublicInbox/LeiStore.pm | 227 ++++++++
lib/PublicInbox/ManifestJsGz.pm | 2 +-
lib/PublicInbox/OnDestroy.pm | 16 +
lib/PublicInbox/OverIdx.pm | 10 +
lib/PublicInbox/Search.pm | 65 +--
lib/PublicInbox/SearchIdx.pm | 62 +-
lib/PublicInbox/SearchIdxShard.pm | 33 ++
lib/PublicInbox/TestCommon.pm | 7 +-
lib/PublicInbox/V2Writable.pm | 10 +-
script/lei | 76 +++
t/extsearch.t | 3 +-
t/lei-oneshot.t | 25 +
t/lei.t | 306 ++++++++++
t/lei_store.t | 88 +++
t/on_destroy.t | 25 +
t/www_listing.t | 8 +-
27 files changed, 1843 insertions(+), 82 deletions(-)
create mode 100644 contrib/completion/lei-completion.bash
create mode 100755 lei.sh
create mode 100644 lib/PublicInbox/LEI.pm
create mode 100644 lib/PublicInbox/LeiExtinbox.pm
create mode 100644 lib/PublicInbox/LeiSearch.pm
create mode 100644 lib/PublicInbox/LeiStore.pm
create mode 100644 lib/PublicInbox/OnDestroy.pm
create mode 100755 script/lei
create mode 100644 t/lei-oneshot.t
create mode 100644 t/lei.t
create mode 100644 t/lei_store.t
create mode 100644 t/on_destroy.t
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git