Date:      Tue, 5 Nov 2024 18:24:43 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 88dd0550920c - main - syslogd: Fix handling of unix socket modes
Message-ID:  <202411051824.4A5IOhoq024468@gitrepo.freebsd.org>

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=88dd0550920c3dd378b2b761bda52339b5d860ec

commit 88dd0550920c3dd378b2b761bda52339b5d860ec
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-11-05 17:48:37 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-11-05 18:24:03 +0000

    syslogd: Fix handling of unix socket modes
    
    When bind() is called, the process umask is applied, so one has to
    either clear the umask before binding or call chmod() to add permissions
    after the fact.  Do the former here to ensure that the socket always has
    the correct mode.
    
    Reported by:    Lexi Winter <lexi@le-fay.org>
    Fixes:          2b8c3a05e0a6 ("syslogd: Set unix socket modes atomically")
---
 usr.sbin/syslogd/syslogd.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index 98ddb5d9158f..8fcf3f06cf95 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -3721,12 +3721,24 @@ socksetup(struct addrinfo *ai, const char *name, mode_t mode)
 	if (ai->ai_family == AF_LOCAL)
 		unlink(name);
 	if (ai->ai_family == AF_LOCAL || NoBind == 0 || name != NULL) {
+		mode_t mask;
+		int error;
+
 		if (ai->ai_family == AF_LOCAL && fchmod(s, mode) < 0) {
 			dprintf("fchmod %s: %s\n", name, strerror(errno));
 			close(s);
 			return (NULL);
 		}
-		if (bind(s, ai->ai_addr, ai->ai_addrlen) < 0) {
+
+		/*
+		 * For AF_LOCAL sockets, the process umask is applied to the
+		 * mode set above, so temporarily clear it to ensure that the
+		 * socket always has the correct permissions.
+		 */
+		mask = umask(0);
+		error = bind(s, ai->ai_addr, ai->ai_addrlen);
+		(void)umask(mask);
+		if (error < 0) {
 			logerror("bind");
 			close(s);
 			return (NULL);
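Review bot: the new "mask = umask(0);" / "(void)umask(mask);" pair around bind() runs for every address family that reaches this block, although the comment directly above it says the umask only affects AF_LOCAL sockets. Consider guarding the two umask() calls with the same ai->ai_family == AF_LOCAL test that the fchmod() check a few lines up uses, so the process-wide umask is cleared only when it changes the outcome and the window in which it is 0 stays as small as possible. A second, smaller point: logerror("bind") is now separated from the failing bind() by the restoring umask() call. umask() itself does not fail, so if logerror() reports errno the value should still be the one from bind(), but saving errno next to "error", or noting the dependency in the comment, would keep this correct if more code is later added between the two lines.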


