Date: Sun, 23 Jan 2022 20:27:00 GMT From: Cy Schubert <cy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 28d0a7821adc - stable/12 - rc.d/ntp: Ensure ntpd.leap-seconds.list is readable by ntpd Message-ID: <202201232027.20NKR09S004549@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=28d0a7821adc1421b26c45b5cd8ab6532e55ba62 commit 28d0a7821adc1421b26c45b5cd8ab6532e55ba62 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-01-18 14:14:54 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-01-23 20:24:36 +0000 rc.d/ntp: Ensure ntpd.leap-seconds.list is readable by ntpd When a use sets umask in login.conf(5) to 027 or 077 a subsequently fetched /var/db/ntpd.leap-seconds.list will inherit the permissions allowed by the umask, resulting in a file that may not be readable ntpd running under the ntp account. This patch adds a umask command to preempt the umask in login.conf(5) prior to fetching a new copy of the leap-seconds file. PR: 261298 Reported by: Martin Waschbusch <martin@waschbuesch.de> (cherry picked from commit c6806434e79079f4f9419c3ba4fec37efcaa1635) --- libexec/rc/rc.d/ntpd | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd index 8b32e3e19d5b..c1d2f52a01b7 100755 --- a/libexec/rc/rc.d/ntpd +++ b/libexec/rc/rc.d/ntpd @@ -221,6 +221,8 @@ ntpd_fetch_leapfile() { if ntpd_needfetch_leapfile ; then for url in $ntp_leapfile_sources ; do $verbose fetching $url + # Circumvent umask 027 and 077 in login.conf(5) + umask 022 fetch $ntp_leapfile_fetch_opts -o $_ntp_tmp_leapfile $url && break done ntp_ver_no_tmp=$(get_ntp_leapfile_ver $_ntp_tmp_leapfile)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202201232027.20NKR09S004549>