[update_engine] Fix file creation mask to be 0600
In addition to changing the write() call in utils.cc, I also set the umask
of the process to be 177 -- meaning that files will be AT MOST -rw-------
I do this _after_ we initialize logging, so that we don't create log files
with unnecessarily restrictive permissions.
BUG=chromium-os:6581
TEST=Unit tests,
Change-Id: Id6b805a1524af391755bc1df69ec0f6c382154c2
[update_engine] Ensure that created files have restrictive permissions
Change-Id: If93e043465083f7c48619d0e7163dd73f8c46090
Review URL: http://codereview.chromium.org/3495002
diff --git a/extent_writer.h b/extent_writer.h
index 5eda364..1bb6f4a 100644
--- a/extent_writer.h
+++ b/extent_writer.h
@@ -66,7 +66,7 @@
private:
int fd_;
-
+
size_t block_size_;
// Bytes written into next_extent_index_ thus far
uint64_t extent_bytes_written_;
diff --git a/main.cc b/main.cc
index f027033..daa5eda 100644
--- a/main.cc
+++ b/main.cc
@@ -13,6 +13,8 @@
#include <gflags/gflags.h>
#include <glib.h>
#include <metrics/metrics_library.h>
+#include <sys/types.h>
+#include <sys/stat.h>
#include "update_engine/dbus_constants.h"
#include "update_engine/dbus_service.h"
@@ -105,6 +107,12 @@
LOG(INFO) << "Chrome OS Update Engine starting";
+ // Ensure that all written files have safe permissions.
+ // This is a mask, so we _block_ execute for the owner, and ALL
+ // permissions for other users.
+ // Done _after_ log file creation.
+ umask(S_IXUSR | S_IRWXG | S_IRWXO);
+
// Create the single GMainLoop
GMainLoop* loop = g_main_loop_new(g_main_context_default(), FALSE);
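Review bot: The mask set here is process-wide and is inherited across fork()/exec(), so the 0177 value also governs any helper program the engine later spawns and any directory the engine creates — a mkdir() with mode 0755 under this mask yields 0600, which the owner cannot traverse. If directories are created or child processes launched after this point (not visible in this hunk), those call sites need an explicit chmod()/fchmod() or a narrower mask around them. The comment also overstates slightly: umask() only caps the mode at creation time and does nothing for files that already exist or are later chmod()ed, so I would reword it to `// Cap the mode of every file this process creates from here on (0177 mask => at most 0600).` The ordering claim "after log file creation" cannot be confirmed from the hunk alone.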
diff --git a/split_file_writer.cc b/split_file_writer.cc
index 690d4e3..dd211c8 100644
--- a/split_file_writer.cc
+++ b/split_file_writer.cc
@@ -43,7 +43,7 @@
ssize_t SplitFileWriter::Write(const void* bytes, size_t count) {
const size_t original_count = count;
-
+
// This first block is trying to read the first sizeof(uint64_t)
// bytes, which are the number of bytes that should be written
// to the first FileWriter.
@@ -78,11 +78,11 @@
first_length_ -
(bytes_received_ - static_cast<off_t>(sizeof(uint64_t))),
static_cast<off_t>(count));
-
+
int rc = PerformWrite(first_file_writer_, bytes, bytes_to_write);
if (rc != static_cast<int>(bytes_to_write))
return rc;
-
+
bytes_received_ += bytes_to_write;
count -= bytes_to_write;
bytes = static_cast<const void*>(
diff --git a/split_file_writer.h b/split_file_writer.h
index cba8161..508cae0 100644
--- a/split_file_writer.h
+++ b/split_file_writer.h
@@ -25,13 +25,13 @@
first_mode_(0),
second_file_writer_(second_file_writer),
bytes_received_(0) {}
-
+
void SetFirstOpenArgs(const char* path, int flags, mode_t mode) {
first_path_ = path;
first_flags_ = flags;
first_mode_ = mode;
}
-
+
// If both succeed, returns the return value from the second Open() call.
// On error, both files will be left closed.
virtual int Open(const char* path, int flags, mode_t mode);
@@ -47,11 +47,11 @@
const char* first_path_;
int first_flags_;
mode_t first_mode_;
-
- // The scond file writeer.
+
+ // The second file writer.
FileWriter* const second_file_writer_;
- // Bytes written thus far
+ // Bytes written thus far.
off_t bytes_received_;
char first_length_buf_[sizeof(uint64_t)];
diff --git a/utils.cc b/utils.cc
index 1d1cb7d..6ebffd0 100644
--- a/utils.cc
+++ b/utils.cc
@@ -50,7 +50,7 @@
DirectFileWriter writer;
TEST_AND_RETURN_FALSE_ERRNO(0 == writer.Open(path,
O_WRONLY | O_CREAT | O_TRUNC,
- 0666));
+ 0600));
ScopedFileWriterCloser closer(&writer);
TEST_AND_RETURN_FALSE_ERRNO(data_len == writer.Write(data, data_len));
return true;
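Review bot: The new 0600 mode is honoured only when Open() actually creates the file; with O_CREAT | O_TRUNC and no O_EXCL, a path that already exists keeps whatever mode it had (for example 0666 left behind by an earlier run of this code), so the tighter permission is not guaranteed for pre-existing files. Consider following the open with an explicit fchmod() to 0600 on the writer's descriptor if DirectFileWriter exposes it, or at least recording the limitation with a comment such as `// 0600 applies only at creation; a pre-existing file keeps its old mode.` The enclosing function's signature and closing brace lie outside this hunk.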