Date: Tue, 5 Nov 2024 18:24:43 GMT
From: Mark Johnston <markj@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 88dd0550920c - main - syslogd: Fix handling of unix socket modes
Message-ID: <202411051824.4A5IOhoq024468@gitrepo.freebsd.org>
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=88dd0550920c3dd378b2b761bda52339b5d860ec commit 88dd0550920c3dd378b2b761bda52339b5d860ec Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2024-11-05 17:48:37 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2024-11-05 18:24:03 +0000 syslogd: Fix handling of unix socket modes When bind() is called, the process umask is applied, so one has to either clear the umask before binding or call chmod() to add permissions after the fact. Do the former here to ensure that the socket always has the correct mode. Reported by: Lexi Winter <lexi@le-fay.org> Fixes: 2b8c3a05e0a6 ("syslogd: Set unix socket modes atomically") --- usr.sbin/syslogd/syslogd.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index 98ddb5d9158f..8fcf3f06cf95 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -3721,12 +3721,24 @@ socksetup(struct addrinfo *ai, const char *name, mode_t mode) if (ai->ai_family == AF_LOCAL) unlink(name); if (ai->ai_family == AF_LOCAL || NoBind == 0 || name != NULL) { + mode_t mask; + int error; + if (ai->ai_family == AF_LOCAL && fchmod(s, mode) < 0) { dprintf("fchmod %s: %s\n", name, strerror(errno)); close(s); return (NULL); } - if (bind(s, ai->ai_addr, ai->ai_addrlen) < 0) { + + /* + * For AF_LOCAL sockets, the process umask is applied to the + * mode set above, so temporarily clear it to ensure that the + * socket always has the correct permissions. + */ + mask = umask(0); + error = bind(s, ai->ai_addr, ai->ai_addrlen); + (void)umask(mask); + if (error < 0) { logerror("bind"); close(s); return (NULL);
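Review bot: the umask(0) / umask(mask) pair around bind() in socksetup() runs for every socket that enters this branch, including non-AF_LOCAL ones admitted by `NoBind == 0 || name != NULL`, although the new comment says it is only needed for AF_LOCAL sockets. Consider guarding it with `ai->ai_family == AF_LOCAL`, as the fchmod() call just above does, so the process-wide umask is cleared only when a socket file is actually created. Since the umask is process state, the comment could also note that this relies on nothing else in the process creating files between the two umask() calls. Minor: logerror("bind") now reports errno after the intervening umask(mask) call; umask() does not fail, so the value is still bind()'s, but saying so in the comment would save the next reader the check.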