From e605ec76c5a3afe9390ca95709fed719a098235a Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Wed, 16 Dec 2020 05:59:41 +0000 Subject: [PATCH] lei: ensure we run a restrictive umask While we configure the LeiStore git repos and DBs to have a restrictive umask, lei may also write to Maildirs/mboxes/etc. We will follow mutt behavior when saving files/messages to the FS. We only want to create files which are only readable by the local user since this is intended for private mail and could be used on shared systems. We may allow passing the umask on a per-command-basis, but it's probably not worth the effort to support. --- lib/PublicInbox/LeiDaemon.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/PublicInbox/LeiDaemon.pm b/lib/PublicInbox/LeiDaemon.pm index 010c1cba..1f170f1d 100644 --- a/lib/PublicInbox/LeiDaemon.pm +++ b/lib/PublicInbox/LeiDaemon.pm @@ -538,12 +538,11 @@ sub lazy_start { die "connect($path): $!"; } require IO::FDPass; - my $umask = umask(077) // die("umask(077): $!"); + umask(077) // die("umask(077): $!"); my $l = IO::Socket::UNIX->new(Local => $path, Listen => 1024, Type => SOCK_STREAM) or $err = $!; - umask($umask) or die("umask(restore): $!"); $l or return die "bind($path): $err"; my @st = stat($path) or die "stat($path): $!"; my $dev_ino_expect = pack('dd', $st[0], $st[1]); # dev+ino @@ -638,6 +637,7 @@ sub oneshot { my $exit = $main_pkg->can('exit'); # caller may override exit() local $quit = $exit if $exit; local %PATH2CFG; + umask(077) // die("umask(077): $!"); dispatch({ 0 => *STDIN{IO}, 1 => *STDOUT{IO}, -- 2.44.0