From 03256a9ae707248414629c081668af32efb09105 Mon Sep 17 00:00:00 2001 From: Matthias Gerstner Date: Mon, 30 Jul 2018 16:24:39 +0200 Subject: [PATCH] daemonize: use a safe umask for the daemon The reason for setting umask in a daemon is to get a defined umask value instead of whatever the calling user had configured. A umask of zero is dangerous, however, because it can easily cause world-readable and world-writeable files when oblivious code is involved that specified 0777 during open() calls, wanting to grant the user full control of the resulting file mode. Currently the daemon shouldn't be creating any new files so this is not a matter. This could change in the future, however. --- daemon/daemonize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/daemonize.c b/daemon/daemonize.c index 5a68cbf..7d796a8 100644 --- a/daemon/daemonize.c +++ b/daemon/daemonize.c @@ -61,7 +61,7 @@ void daemonize(const char *name) } /* Now continue execution */ - umask(0); + umask(0022); if (setsid() < 0) { FATAL_ERRORNO("Failed to create process group\n"); }