Imre Fitos created DAEMON-280:
---------------------------------
Summary: jsvc umask comparison wrong - fix attached
Key: DAEMON-280
URL: https://issues.apache.org/jira/browse/DAEMON-280
Project: Commons Daemon
Issue Type: Bug
Components: Jsvc
Affects Versions: 1.0.13
Environment: linux x64 ubuntu 12.04
Reporter: Imre Fitos
Priority: Minor
Current code does a bitwise AND with the supplied umask and decimal 022.
This will pass on 022 but fail on most other, proper umasks like 077.
This is still present in 1.0.14
patch to fix is here:
--- commons-daemon-1.0.13-src-ORIG/src/native/unix/native/jsvc-unix.c
2013-02-06 13:15:58.000000000 -0500
+++ commons-daemon-1.0.13-src/src/native/unix/native/jsvc-unix.c
2013-02-22 13:19:08.937906780 -0500
@@ -1230,13 +1230,13 @@
/*
* umask() uses inverse logic; bits are CLEAR for allowed access.
*/
- if (~args->umask & 0022) {
- log_error("NOTICE: jsvc umask of %03o allows "
+ if ((~(args->umask % 10) & 2) || (~(args->umask / 10) & 2)) {
+ log_error("NOTICE: jsvc umask of %04d allows "
"write permission to group and/or other", args->umask);
}
envmask = umask(args->umask);
set_output(args->outfile, args->errfile, args->redirectstdin,
args->procname);
- log_debug("Switching umask back to %03o from %03o", envmask, args->umask);
+ log_debug("Switching umask back to %04d from %04d", envmask, args->umask);
res = run_controller(args, data, uid, gid);
if (logger_pid != 0) {
kill(logger_pid, SIGTERM);
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
