The branch main has been updated by markj:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=88dd0550920c3dd378b2b761bda52339b5d860ec

commit 88dd0550920c3dd378b2b761bda52339b5d860ec
Author:     Mark Johnston <[email protected]>
AuthorDate: 2024-11-05 17:48:37 +0000
Commit:     Mark Johnston <[email protected]>
CommitDate: 2024-11-05 18:24:03 +0000

    syslogd: Fix handling of unix socket modes
    
    When bind() is called, the process umask is applied, so one has to
    either clear the umask before binding or call chmod() to add permissions
    after the fact.  Do the former here to ensure that the socket always has
    the correct mode.
    
    Reported by:    Lexi Winter <[email protected]>
    Fixes:          2b8c3a05e0a6 ("syslogd: Set unix socket modes atomically")
---
 usr.sbin/syslogd/syslogd.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index 98ddb5d9158f..8fcf3f06cf95 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -3721,12 +3721,24 @@ socksetup(struct addrinfo *ai, const char *name, mode_t 
mode)
        if (ai->ai_family == AF_LOCAL)
                unlink(name);
        if (ai->ai_family == AF_LOCAL || NoBind == 0 || name != NULL) {
+               mode_t mask;
+               int error;
+
                if (ai->ai_family == AF_LOCAL && fchmod(s, mode) < 0) {
                        dprintf("fchmod %s: %s\n", name, strerror(errno));
                        close(s);
                        return (NULL);
                }
-               if (bind(s, ai->ai_addr, ai->ai_addrlen) < 0) {
+
+               /*
+                * For AF_LOCAL sockets, the process umask is applied to the
+                * mode set above, so temporarily clear it to ensure that the
+                * socket always has the correct permissions.
+                */
+               mask = umask(0);
+               error = bind(s, ai->ai_addr, ai->ai_addrlen);
+               (void)umask(mask);
+               if (error < 0) {
                        logerror("bind");
                        close(s);
                        return (NULL);
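Review bot: The `umask(0)` / `umask(mask)` pair around `bind()` changes process-wide state, so any file created in that window by another thread or a signal handler would get no mask at all. The hunk does not show whether syslogd can create files concurrently at this point, so the added comment should record that assumption, for example `* The umask is process-wide; nothing else may create files until it is restored.` A smaller point is that `(void)umask(mask)` runs between a failed `bind()` and `logerror("bind")`. If logerror() reports errno (its body is not visible here), preserving it with `int serrno = errno; (void)umask(mask); errno = serrno;` keeps the logged cause tied to bind(). socksetup() begins before and continues after this hunk.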
