Set umask before mkstemp() for some versions of glibc

author: Mukund Sivaraman <muks@banu.com> 2008-08-24 11:27:38 +0530
committer: Mukund Sivaraman <muks@banu.com> 2008-08-24 11:27:38 +0530
commit: fce253253a13f8aa010429443708043ea6d9d361 (patch)
tree: ac09ea0dea5c711c70fef3e66b0bc25cfe71aca1
parent: 62ddbd5e7491c4a751f0a4523b1d9d7acaeba9dd (diff)
download: tinyproxy-fce253253a13f8aa010429443708043ea6d9d361.tar.gz
tinyproxy-fce253253a13f8aa010429443708043ea6d9d361.zip
2 files changed, 6 insertions, 1 deletions
diff --git a/src/daemon.c b/src/daemon.c
index 4d4aedc..f0b0aba 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -42,7 +42,7 @@ makedaemon(void)
                 exit(0);
 
         chdir("/");
-        umask(077);
+        umask(0177);
 
 #if NDEBUG
         /*
diff --git a/src/tinyproxy.c b/src/tinyproxy.c
index 88bc9d3..f3bf169 100644
--- a/src/tinyproxy.c
+++ b/src/tinyproxy.c
@@ -188,6 +188,11 @@ main(int argc, char **argv)
         }
 #endif                          /* HAVE_SETRLIMIT */
 
+        /* Only allow u+rw bits. This may be required for some versions
+         * of glibc so that mkstemp() doesn't make us vulnerable.
+         */
+        umask(0177);
+
         /* Default configuration file location */
         config.config_file = DEFAULT_CONF_FILE;
author	Mukund Sivaraman <muks@banu.com>	2008-08-24 11:27:38 +0530
committer	Mukund Sivaraman <muks@banu.com>	2008-08-24 11:27:38 +0530
commit	fce253253a13f8aa010429443708043ea6d9d361 (patch)
tree	ac09ea0dea5c711c70fef3e66b0bc25cfe71aca1
parent	62ddbd5e7491c4a751f0a4523b1d9d7acaeba9dd (diff)
download	tinyproxy-fce253253a13f8aa010429443708043ea6d9d361.tar.gz tinyproxy-fce253253a13f8aa010429443708043ea6d9d361.zip