Hi,

On Thu, Feb 16, 2006 at 02:15:07PM +0000, Philip Hazel wrote:
> On Wed, 15 Feb 2006, Marc Haber wrote:
> > The issue in question shows that some part in exim's content scanner
> > invokes fopen() after explicitly setting umask(0), so that the file
> > created ends up in the file system with 666 permission.
>
> Near the start of Exim there is this code:
>
> /* Set the umask to zero so that any files that Exim creates are created
> with the modes that it specifies. */

That comment should be "can later be chmodded to what exim specified".
As long as fopen() is used, umask 0 causes newly created files to be
world writeable.

> umask(0);
>
> The only other calls to umask are in connection with created
> subprocesses (e.g. for the pipe transport). When Exim creates a spool
> file, it does this:
>
> /* Make sure the file's group is the Exim gid, and double-check the mode
> because the group setting doesn't always get set automatically. */
>
> (void)fchown(data_fd, exim_uid, exim_gid);
> (void)fchmod(data_fd, SPOOL_MODE);

That code would also work in case the file had been created with
000 permissions, and creating it with 000 permissions would eliminate
the race condition that the file is left world writeable for a short
period of time.

> Any background that there is happened far too long ago for me to
> remember what it was. However, it is fairly obvious that Exim should not
> just inherit whatever the umask happens to be when it is called.

Yes, but I don't see any advantage in having it run with umask 0.
Wouldn't it be possible to have it run with umask 077 or even 777,
forcing it to fchmod files after creation to something useable?

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
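
Added example, not part of the original message and not Exim's code: it creates a file with fopen() under umask 0, 077 and 0777, records the permission bits the file has before fchmod() runs (the window discussed above), and then applies the fchmod(). The function name, the scratch path under /tmp and the value 0640 standing in for SPOOL_MODE are assumptions.

```c
/* Added example (not Exim code): mode of an fopen()-created file per umask. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define DEMO_SPOOL_MODE 0640 /* assumed; the thread does not give SPOOL_MODE */

/* Create a file with fopen() under `mask`, record its permission bits right
   after creation and again after fchmod(). Returns 0 on success, -1 on error. */
int create_then_fchmod(mode_t mask, int *created, int *fixed)
{
    char dir[] = "/tmp/umask-demo-XXXXXX"; /* private 0700 scratch directory */
    char path[64];
    struct stat st;
    int rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/spoolfile", dir);

    mode_t old = umask(mask);
    FILE *f = fopen(path, "w"); /* fopen() requests 0666, filtered by umask */
    umask(old);

    if (f != NULL) {
        int fd = fileno(f);
        if (fstat(fd, &st) == 0) {
            *created = st.st_mode & 0777; /* mode during the race window */
            if (fchmod(fd, DEMO_SPOOL_MODE) == 0 && fstat(fd, &st) == 0) {
                *fixed = st.st_mode & 0777;
                rc = 0;
            }
        }
        fclose(f);
        unlink(path);
    }
    rmdir(dir);
    return rc;
}

int main(void)
{
    mode_t masks[] = { 0, 077, 0777 };
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        int c = 0, x = 0;
        if (create_then_fchmod(masks[i], &c, &x) == 0)
            printf("umask %03o: created %03o, after fchmod %03o\n",
                   (unsigned)masks[i], (unsigned)c, (unsigned)x);
    }
    return 0;
}
```

The stream returned by fopen() stays writable under umask 0777 because the mode of a newly created file applies to later opens, not to the descriptor that created it.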