Some files, sockets and pipes have world-writable permissions,
but only the root user and the owner should be able to create or delete
these files. The sticky bit should be set on these sockets and pipes
for security reasons.
---
 src/base/daemon.c               | 2 +-
 src/base/osaf_secutil.c         | 2 +-
 src/dtm/transport/log_server.cc | 2 +-
 src/nid/agent/nid_ipc.c         | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/base/daemon.c b/src/base/daemon.c
index cdde7fd..50ddc50 100644
--- a/src/base/daemon.c
+++ b/src/base/daemon.c
@@ -162,7 +162,7 @@ static void create_fifofile(const char *fifofile)
 
        mask = umask(0);
 
-       if (mkfifo(fifofile, 0666) == -1) {
+       if (mkfifo(fifofile, 01666) == -1) {
                if (errno == EEXIST) {
                        syslog(LOG_INFO, "mkfifo already exists: %s %s",
                               fifofile, strerror(errno));
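Review bot: Setting the sticky bit on the FIFO itself in `mkfifo(fifofile, 01666)` most likely does not give the protection the description asks for: on Linux the restricted-deletion meaning of `S_ISVTX` applies to directories, and who may unlink or rename the FIFO is decided by the permissions of its parent directory. The same applies to the `01777` modes in osaf_secutil.c and log_server.cc and to `mkfifo(NID_FIFO, 01666)` in nid_ipc.c. The directory holding these objects should be owned by root or the service account and either not be world-writable or carry the sticky bit itself (that setup is not visible in this patch), and a comment such as `/* deletion is governed by the parent directory's mode, not by this FIFO's mode */` would record that here. The mode also stays world-writable, so any local user can still write to the FIFO. The body of create_fifofile continues outside the hunk.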
diff --git a/src/base/osaf_secutil.c b/src/base/osaf_secutil.c
index 0e175c9..71e512a 100644
--- a/src/base/osaf_secutil.c
+++ b/src/base/osaf_secutil.c
@@ -147,7 +147,7 @@ static int server_sock_create(const char *pathname)
        }
 
        /* Connecting to the socket object requires read/write permission. */
-       if (chmod(pathname, 0777) == -1) {
+       if (chmod(pathname, 01777) == -1) {
                LOG_ER("%s: chmod failed - %s", __FUNCTION__, strerror(errno));
                return -1;
        }
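Review bot: The comment above `chmod(pathname, 01777)` still says only that connecting needs read/write permission, so it explains neither the execute bits nor the newly added sticky bit. On Linux, connecting to a UNIX socket needs write permission on the socket file, so `0666` would already match the stated requirement. If the wider mode is kept, the comment should give the reason, for example `/* World read/write so any local client can connect; deletion is restricted by the parent directory's mode. */`. server_sock_create starts and ends outside the hunk, so the socket creation that precedes this call is not visible here.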
diff --git a/src/dtm/transport/log_server.cc b/src/dtm/transport/log_server.cc
index bef1f07..866fe59 100644
--- a/src/dtm/transport/log_server.cc
+++ b/src/dtm/transport/log_server.cc
@@ -35,7 +35,7 @@ LogServer::LogServer(int term_fd)
       max_backups_{9},
       max_file_size_{5 * 1024 * 1024},
       log_socket_{Osaflog::kServerSocketPath, base::UnixSocket::kNonblocking,
-                  0777},
+                  01777},
       log_streams_{},
       current_stream_{new LogStream{kMdsLogStreamName, 1, 5 * 1024 * 1024}},
       no_of_log_streams_{1} {
diff --git a/src/nid/agent/nid_ipc.c b/src/nid/agent/nid_ipc.c
index 172063a..eae8de3 100644
--- a/src/nid/agent/nid_ipc.c
+++ b/src/nid/agent/nid_ipc.c
@@ -66,7 +66,7 @@ uint32_t nid_create_ipc(char *strbuf)
        mask = umask(0);
 
        /* Create nid fifo */
-       if (mkfifo(NID_FIFO, 0666) < 0) {
+       if (mkfifo(NID_FIFO, 01666) < 0) {
                sprintf(strbuf, " FAILURE: Unable To Create FIFO Error:%s\n",
                        strerror(errno));
                umask(mask);
-- 
2.7.4


