Re: [exim-dev] fopen(), umask, and file permissions

Author: Jakob Hirsch
Date:  
To: Marc Haber
CC: exim-dev
Subject: Re: [exim-dev] fopen(), umask, and file permissions
Marc Haber wrote:

> The issue in question shows that some part in exim's content scanner
> invokes fopen() after explicitly setting umask(0), so that the file
> created ends up in the file system with 666 permission.


Exim's spool directory is 0750 by default, so the impact is limited.

> A cursory inspection of exim's code shows up other places where
> fopen() is used with umask 0, and there are even places where
> fopen()/fchmod() is used, introducing possible race conditions.


Which race condition do you specifically mean?

AFAICS, it's not done to limit rights, but to ensure that a process
running with Exim's uid has proper rights to access the files. (Except
for transport.c, I didn't look into that.)


But it could really be better to use a fopen_with_umask wrapper, that's
right.
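
[Added example, not part of the original message and not Exim code.] The sketch below contrasts the umask(0)-then-fopen() pattern discussed in this thread with a wrapper that creates the file via open() with an explicit mode and adjusts it with fchmod() on the descriptor, so the file is never wider than intended. The names fopen_with_perms, fopen_umask_zero and mode_after, the 0640 mode and the /tmp scratch path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not an Exim function: new file with exactly `perms`. */
FILE *fopen_with_perms(const char *path, mode_t perms)
{
    /* open() applies perms & ~umask; O_EXCL refuses an existing file or symlink. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, perms);
    if (fd < 0) return NULL;
    /* fchmod() on the descriptor restores bits the umask removed, on our file. */
    FILE *f = fchmod(fd, perms) == 0 ? fdopen(fd, "w") : NULL;
    if (f == NULL) { close(fd); unlink(path); }
    return f;
}

/* The pattern described in the thread: umask(0), then fopen(), gives 0666. */
FILE *fopen_umask_zero(const char *path)
{
    mode_t old = umask(0);
    FILE *f = fopen(path, "w");
    umask(old);
    return f;
}

/* Create a file in a constructed scratch dir; return its mode bits or -1. */
int mode_after(int hardened)
{
    char dir[] = "/tmp/fopen-demo-XXXXXX", path[64];
    struct stat st;
    int bits = -1;
    if (mkdtemp(dir) == NULL) return -1;
    mode_t old = umask(077);            /* restrictive process umask */
    snprintf(path, sizeof path, "%s/spoolfile", dir);
    FILE *f = hardened ? fopen_with_perms(path, 0640) : fopen_umask_zero(path);
    if (f != NULL && fstat(fileno(f), &st) == 0) bits = st.st_mode & 0777;
    if (f != NULL) fclose(f);
    unlink(path); rmdir(dir);
    umask(old);
    return bits;
}

int main(void)
{
    printf("umask(0)+fopen(): %04o\n", (unsigned)mode_after(0));
    printf("open()+fchmod():  %04o\n", (unsigned)mode_after(1));
    return 0;
}
```

Because open() can only produce perms & ~umask, the fchmod() call here only ever adds back bits up to the requested mode, unlike an fopen()/fchmod() sequence that starts from 0666 and narrows afterwards.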