From 1703489bd31bbb5280f55571e8abe2b6f32bcbb3 Mon Sep 17 00:00:00 2001 From: Matthias Gerstner Date: Mon, 30 Jul 2018 16:24:39 +0200 Subject: [PATCH] daemonize: use a safe umask for the daemon The reason for setting umask in a daemon is to get a defined umask value instead of whatever the calling user had configured. A umask of zero is dangerous, however, because it can easily cause world-readable and world-writeable files when oblivious code is involved that specified 0777 during open() calls, wanting to grant the user full control of the resulting file mode. Currently the daemon shouldn't be creating any new files so this is not a matter. This could change in the future, however. --- daemon/daemonize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/daemonize.c b/daemon/daemonize.c index 5a68cbf..7d796a8 100644 --- a/daemon/daemonize.c +++ b/daemon/daemonize.c @@ -61,7 +61,7 @@ void daemonize(const char *name) } /* Now continue execution */ - umask(0); + umask(0022); if (setsid() < 0) { FATAL_ERRORNO("Failed to create process group\n"); }