[update_engine] Fix file creation mask to be 0600

In addition to changing the write() call in utils.cc, I also set the umask
of the process to be 177 -- meaning that files will be AT MOST -rw-------

I do this _after_ we initialize logging, so that we don't create log files
with unnecessarily restrictive permissions.

BUG=chromium-os:6581
TEST=Unit tests,

Change-Id: Id6b805a1524af391755bc1df69ec0f6c382154c2

[update_engine] Ensure that created files have restrictive permissions

Change-Id: If93e043465083f7c48619d0e7163dd73f8c46090

Review URL: http://codereview.chromium.org/3495002
diff --git a/extent_writer.h b/extent_writer.h
index 5eda364..1bb6f4a 100644
--- a/extent_writer.h
+++ b/extent_writer.h
@@ -66,7 +66,7 @@
 
  private:
   int fd_;
-  
+
   size_t block_size_;
   // Bytes written into next_extent_index_ thus far
   uint64_t extent_bytes_written_;
diff --git a/main.cc b/main.cc
index f027033..daa5eda 100644
--- a/main.cc
+++ b/main.cc
@@ -13,6 +13,8 @@
 #include <gflags/gflags.h>
 #include <glib.h>
 #include <metrics/metrics_library.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 
 #include "update_engine/dbus_constants.h"
 #include "update_engine/dbus_service.h"
@@ -105,6 +107,12 @@
 
   LOG(INFO) << "Chrome OS Update Engine starting";
 
+  // Ensure that all written files have safe permissions.
+  // This is a mask, so we _block_ execute for the owner, and ALL
+  // permissions for other users.
+  // Done _after_ log file creation.
+  umask(S_IXUSR | S_IRWXG | S_IRWXO);
+
   // Create the single GMainLoop
   GMainLoop* loop = g_main_loop_new(g_main_context_default(), FALSE);
 
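Review bot: The mask passed to `umask()` includes `S_IXUSR`, and a umask applies to directories as well as regular files, so any directory created after this call (by this process or by a child that inherits the mask) would lack owner search permission. If the daemon or anything it spawns creates directories, `umask(S_IRWXG | S_IRWXO);` gives the same protection against group/other access without that side effect, since regular files opened with mode 0600 or 0666 never get an execute bit anyway. The comment could also record the scope of the call, e.g. `// Process-wide and inherited by children; also applies to directories and to any log file created after this point.` The enclosing function starts and ends outside the hunk.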
diff --git a/split_file_writer.cc b/split_file_writer.cc
index 690d4e3..dd211c8 100644
--- a/split_file_writer.cc
+++ b/split_file_writer.cc
@@ -43,7 +43,7 @@
 
 ssize_t SplitFileWriter::Write(const void* bytes, size_t count) {
   const size_t original_count = count;
-  
+
   // This first block is trying to read the first sizeof(uint64_t)
   // bytes, which are the number of bytes that should be written
   // to the first FileWriter.
@@ -78,11 +78,11 @@
         first_length_ -
         (bytes_received_ - static_cast<off_t>(sizeof(uint64_t))),
         static_cast<off_t>(count));
-      
+
     int rc = PerformWrite(first_file_writer_, bytes, bytes_to_write);
     if (rc != static_cast<int>(bytes_to_write))
       return rc;
-    
+
     bytes_received_ += bytes_to_write;
     count -= bytes_to_write;
     bytes = static_cast<const void*>(
diff --git a/split_file_writer.h b/split_file_writer.h
index cba8161..508cae0 100644
--- a/split_file_writer.h
+++ b/split_file_writer.h
@@ -25,13 +25,13 @@
         first_mode_(0),
         second_file_writer_(second_file_writer),
         bytes_received_(0) {}
-  
+
   void SetFirstOpenArgs(const char* path, int flags, mode_t mode) {
     first_path_ = path;
     first_flags_ = flags;
     first_mode_ = mode;
   }
-  
+
   // If both succeed, returns the return value from the second Open() call.
   // On error, both files will be left closed.
   virtual int Open(const char* path, int flags, mode_t mode);
@@ -47,11 +47,11 @@
   const char* first_path_;
   int first_flags_;
   mode_t first_mode_;
-  
-  // The scond file writeer.
+
+  // The second file writer.
   FileWriter* const second_file_writer_;
 
-  // Bytes written thus far
+  // Bytes written thus far.
   off_t bytes_received_;
   char first_length_buf_[sizeof(uint64_t)];
 
diff --git a/utils.cc b/utils.cc
index 1d1cb7d..6ebffd0 100644
--- a/utils.cc
+++ b/utils.cc
@@ -50,7 +50,7 @@
   DirectFileWriter writer;
   TEST_AND_RETURN_FALSE_ERRNO(0 == writer.Open(path,
                                                O_WRONLY | O_CREAT | O_TRUNC,
-                                               0666));
+                                               0600));
   ScopedFileWriterCloser closer(&writer);
   TEST_AND_RETURN_FALSE_ERRNO(data_len == writer.Write(data, data_len));
   return true;
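Review bot: The `0600` mode passed to `writer.Open()` takes effect only when `O_CREAT` actually creates the file; if `path` already exists with wider permissions, `O_TRUNC` rewrites its contents and the old mode stays in place. If this helper can be called on a path that may pre-exist, tightening the mode on the open descriptor (an `fchmod` to 0600, assuming DirectFileWriter can expose its fd) or removing the file before opening would close that gap. At minimum a comment such as `// Mode only applies on creation; an existing file keeps its permissions.` would record the limitation. The enclosing function begins outside the hunk.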