Explicitly set the file mode of I/O log files so the mode is not

affected by the invoking user's umask.

diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c
index 2c09f95884f0d4bc141cdb45bf85e66f346c0d3f..6452acb8820d42f8e1edeed1e8eff52b354e3cf5 100644 (file)
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@@ -103,10 +103,10 @@ io_mkdirs(char *path)
     }
     if (ok) {
        if (S_ISDIR(sb.st_mode)) {
-           if ((sb.st_mode & ALLPERMS) != iolog_dirmode)
-               ignore_result(chmod(path, iolog_dirmode));
            if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid)
                ignore_result(chown(path, iolog_uid, iolog_gid));
+           if ((sb.st_mode & ALLPERMS) != iolog_dirmode)
+               ignore_result(chmod(path, iolog_dirmode));
        } else {
            sudo_warnx(U_("%s exists but is not a directory (0%o)"),
                path, (unsigned int) sb.st_mode);
@@ -130,6 +130,7 @@ io_mkdirs(char *path)
            ok = false;
        } else {
            ignore_result(chown(path, iolog_uid, iolog_gid));
+           ignore_result(chmod(path, iolog_dirmode));
        }
     }
     if (uid_changed) {
@@ -374,6 +375,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
     }
     sudo_lock_file(fd, SUDO_LOCK);
     ignore_result(fchown(fd, iolog_uid, iolog_gid));
+    ignore_result(fchmod(fd, iolog_filemode));
 
     /*
      * If there is no seq file in iolog_dir and a fallback dir was
@@ -397,6 +399,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
            }
            if (fd2 != -1) {
                ignore_result(fchown(fd2, iolog_uid, gid));
+               ignore_result(fchmod(fd2, iolog_filemode));
                nread = read(fd2, buf, sizeof(buf) - 1);
                if (nread > 0) {
                    if (buf[nread - 1] == '\n')
@@ -522,6 +525,7 @@ open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress)
        }
        if (fd != -1) {
            ignore_result(fchown(fd, iolog_uid, iolog_gid));
+           ignore_result(fchmod(fd, iolog_filemode));
            (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
 #ifdef HAVE_ZLIB_H
            if (docompress)
@@ -764,6 +768,7 @@ write_info_log(char *pathbuf, size_t len, struct iolog_details *details,
        debug_return_bool(false);
     }
     ignore_result(fchown(fd, iolog_uid, iolog_gid));
+    ignore_result(fchmod(fd, iolog_filemode));
 
     fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)now->tv_sec,
        details->user ? details->user : "unknown", details->runas_pw->pw_name,

diff --git a/plugins/sudoers/mkdir_parents.c b/plugins/sudoers/mkdir_parents.c
index 335a35704fb121bd2f6c5a91e13f8cffe3fdcbe1..d49f93e2453ac89348d3adf3936ad128fa121c50 100644 (file)
--- a/plugins/sudoers/mkdir_parents.c
+++ b/plugins/sudoers/mkdir_parents.c
@@ -53,6 +53,7 @@ sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet)
        if (mkdir(path, mode) == 0) {
            if (uid != (uid_t)-1 && gid != (gid_t)-1)
                ignore_result(chown(path, uid, gid));
+           ignore_result(chmod(path, mode));
        } else {
            if (errno != EEXIST) {
                if (!quiet)
@@ -65,7 +66,14 @@ sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet)
                    sudo_warn(U_("unable to stat %s"), path);
                goto bad;
            }
-           if (!S_ISDIR(sb.st_mode)) {
+           if (S_ISDIR(sb.st_mode)) {
+               if (uid != (uid_t)-1 && gid != (gid_t)-1) {
+                   if (sb.st_uid != uid || sb.st_gid != uid)
+                       ignore_result(chown(path, uid, uid));
+               }
+               if ((sb.st_mode & ALLPERMS) != mode)
+                   ignore_result(chmod(path, mode));
+           } else {
                if (!quiet)
                    sudo_warnx(U_("%s exists but is not a directory (0%o)"),
                        path, (unsigned int) sb.st_mode);