From owner-svn-src-stable-10@freebsd.org Sat Aug 29 20:41:10 2015 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 27C1D9C5555; Sat, 29 Aug 2015 20:41:10 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 09971F2; Sat, 29 Aug 2015 20:41:10 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7TKf9bc008178; Sat, 29 Aug 2015 20:41:09 GMT (envelope-from jilles@FreeBSD.org) Received: (from jilles@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7TKf9TO008177; Sat, 29 Aug 2015 20:41:09 GMT (envelope-from jilles@FreeBSD.org) Message-Id: <201508292041.t7TKf9TO008177@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jilles set sender to jilles@FreeBSD.org using -f From: Jilles Tjoelker Date: Sat, 29 Aug 2015 20:41:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r287298 - stable/10/lib/libc/gen X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Aug 2015 20:41:10 -0000 Author: jilles Date: Sat Aug 29 20:41:09 2015 New Revision: 287298 URL: https://svnweb.freebsd.org/changeset/base/287298 Log: MFC r279084,280713: setmode(): Use sysctl kern.proc.umask instead of umask() if possible. The kern.proc.umask. sysctl allows querying the umask without temporarily modifying it. r280713 is the actual change, while r279084 is a whitespace change. Modified: stable/10/lib/libc/gen/setmode.c Directory Properties: stable/10/ (props changed) Modified: stable/10/lib/libc/gen/setmode.c ============================================================================== --- stable/10/lib/libc/gen/setmode.c Sat Aug 29 19:47:20 2015 (r287297) +++ stable/10/lib/libc/gen/setmode.c Sat Aug 29 20:41:09 2015 (r287298) @@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$"); #include "namespace.h" #include #include +#include #include #include @@ -68,6 +69,7 @@ typedef struct bitcmd { #define CMD2_OBITS 0x08 #define CMD2_UBITS 0x10 +static mode_t getumask(void); static BITCMD *addcmd(BITCMD *, mode_t, mode_t, mode_t, mode_t); static void compress_mode(BITCMD *); #ifdef SETMODE_DEBUG @@ -169,7 +171,6 @@ setmode(const char *p) int serrno; char op, *ep; BITCMD *set, *saveset, *endset; - sigset_t sigset, sigoset; mode_t mask, perm, permXbits, who; long perml; int equalopdone; @@ -182,15 +183,9 @@ setmode(const char *p) /* * Get a copy of the mask for the permissions that are mask relative. - * Flip the bits, we want what's not set. Since it's possible that - * the caller is opening files inside a signal handler, protect them - * as best we can. + * Flip the bits, we want what's not set. */ - sigfillset(&sigset); - (void)_sigprocmask(SIG_BLOCK, &sigset, &sigoset); - (void)umask(mask = umask(0)); - mask = ~mask; - (void)_sigprocmask(SIG_SETMASK, &sigoset, NULL); + mask = ~getumask(); setlen = SET_LEN + 2; @@ -346,6 +341,35 @@ out: return NULL; } +static mode_t +getumask(void) +{ + sigset_t sigset, sigoset; + size_t len; + mode_t mask; + u_short smask; + + /* + * First try requesting the umask without temporarily modifying it. + * Note that this does not work if the sysctl + * security.bsd.unprivileged_proc_debug is set to 0. + */ + len = sizeof(smask); + if (sysctl((int[4]){ CTL_KERN, KERN_PROC, KERN_PROC_UMASK, getpid() }, + 4, &smask, &len, NULL, 0) == 0) + return (smask); + + /* + * Since it's possible that the caller is opening files inside a signal + * handler, protect them as best we can. + */ + sigfillset(&sigset); + (void)_sigprocmask(SIG_BLOCK, &sigset, &sigoset); + (void)umask(mask = umask(0)); + (void)_sigprocmask(SIG_SETMASK, &sigoset, NULL); + return (mask); +} + static BITCMD * addcmd(BITCMD *set, mode_t op, mode_t who, mode_t oparg, mode_t mask) {