Control: forwarded -1 https://github.com/unbit/uwsgi/pull/2752

Hi,

> The issue is uwsgi[-core] at least with it insecurely
> creating the PID file.  It explicitly calls umask(0),
> changing the umask to 0[00] before creating the PID file.

It's a combination of --pidfile and --daemonize that is required to trigger
the problem.

Workaround is to use --umask.

> > uwsgi does not try to mess with umask of existing pidfiles. Should it? I'm
> > not sure how this is used by external scripts... My guess is that scripts
> > using uwsgi --pidfile should set umask as they wish and correctly cleanup
> > left over pidfiles if uwsgi crashes.
>
> Problem is when uwsgi creates the PID file, it creates it insecurely,
> even if a secure umask is set before it's invoked.
> My work-around pre-creates the PID file, as you're correct that
> uwsgi doesn't change permissions on the file if it already exists.
>
> > systemd users are clearly not concerned, not using pidfiles in default
> > conf.
>
> Yes, for those using systemd it might partially or entirely mask the
> issue.
>
> > Conclusion: I think mailman3-web needs fixing, maybe removing existing
> > pidfiles
>
> Sorry, I beg to differ on that.  It's uwsgi that's insecurely creating PID
> file.
> mailman3-web is but one package that uses uwsgi[-core], and
> uwsgi[-core] may similarly impact other packages.  Shouldn't really have to
> play whack-a-mole implementing work-around for uwsgi issue in every package
> that does or may come to use uwsgi.  :-)

Ack, I proposed a fix upstream.

Thanks,

Alex
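
The permission behaviour discussed in this thread, as an added example that is not part of the original message and is not uwsgi's code. It models the creation step with fopen(), which requests mode 0666 (an assumption about how the file is created); the function names and the temporary path are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write our PID, close, and return the file's permission bits (-1 on error). */
static int finish(FILE *f, const char *path) {
    struct stat st;
    if (!f) return -1;
    fprintf(f, "%d\n", (int)getpid());
    fclose(f);
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Pattern from the thread, modelled: umask is cleared, then the PID file
 * is created with the default 0666 request, so nothing narrows it. */
static int pidfile_umask0(const char *path) {
    umask(0);
    return finish(fopen(path, "w"), path);
}

/* Hardened form: explicit creation mode, so even with umask 0 the file is
 * never wider than 0644; O_EXCL|O_NOFOLLOW refuse a planted file or symlink. */
static int pidfile_explicit(const char *path) {
    umask(0); /* same starting point as the weak variant */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    return finish(fd < 0 ? NULL : fdopen(fd, "w"), path);
}

/* One case per call, in a fresh private directory. 0: umask(0) create,
 * 1: workaround (pre-created 0600 file), 2: explicit-mode create. */
int run_case(int which) {
    char dir[] = "/tmp/pidmodeXXXXXX", path[64]; /* constructed sample path */
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/demo.pid", dir);
    if (which == 1) { /* an existing file keeps its mode when reopened */
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0 || fchmod(fd, 0600) != 0) return -1;
        close(fd);
    }
    int mode = which == 2 ? pidfile_explicit(path) : pidfile_umask0(path);
    unlink(path); rmdir(dir);
    return mode;
}

int main(void) {
    for (int i = 0; i < 3; i++) printf("case %d: %04o\n", i, (unsigned)run_case(i));
}
```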
