Currently fcoemon creates a world and group writable PID file which could be locally exploited. This patch sets umask to 177 before the PID file creation.
Signed-off-by: Petr Sabata <[email protected]> --- fcoemon.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/fcoemon.c b/fcoemon.c index f2f3b86..4ee18f3 100644 --- a/fcoemon.c +++ b/fcoemon.c @@ -2320,6 +2320,7 @@ static void fcm_pidfile_create(void) } fclose(fp); } + umask(~(S_IRUSR | S_IWUSR)); fp = fopen(fcm_pidfile, "w+"); if (fp) { fprintf(fp, "%d\n", getpid()); -- 1.7.4.4 _______________________________________________ devel mailing list [email protected] https://lists.open-fcoe.org/mailman/listinfo/devel
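Review bot: the umask() call added before fopen(fcm_pidfile, "w+") in fcm_pidfile_create() throws away the previous mask and never restores it, so the restrictive mask stays in effect for every file the daemon creates afterwards. Save the return value and put it back once the PID file is open, for example `mode_t old = umask(...);` before the fopen() and `umask(old);` after it. The mask also only applies when fopen() actually creates the file: a PID file left over with group- or world-writable mode is truncated and reused with its old permissions, so an fchmod(fileno(fp), S_IRUSR | S_IWUSR) after a successful open would cover that case. Finally, ~(S_IRUSR | S_IWUSR) sets bits above 0777; it works because only the permission bits of the mask are used, but S_IXUSR | S_IRWXG | S_IRWXO (or 0177, as the commit message says) states the intent more directly.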
