Set umask temporarily when creating files instead of changing the

mode after the fact.  This is slightly less error prone.

diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c
index 9687b6d241d370c8569dc9a605bf34ec38e791f8..924fa88a9b5e1a0e5c68fef1c6b91cd47c909973 100644 (file)
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@@ -130,7 +130,6 @@ io_mkdirs(char *path)
            ok = false;
        } else {
            ignore_result(chown(path, iolog_uid, iolog_gid));
-           ignore_result(chmod(path, iolog_dirmode));
        }
     }
     if (uid_changed) {
@@ -340,12 +339,16 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
     char buf[32], *ep;
     int i, len, fd = -1;
     unsigned long id = 0;
+    mode_t omask;
     ssize_t nread;
     bool ret = false;
     char pathbuf[PATH_MAX];
     static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
     debug_decl(io_nextid, SUDOERS_DEBUG_UTIL)
 
+    /* umask must not be more restrictive than the file modes. */
+    omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode));
+
     /*
      * Create I/O log directory if it doesn't already exist.
      */
@@ -374,7 +377,6 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
     }
     sudo_lock_file(fd, SUDO_LOCK);
     ignore_result(fchown(fd, iolog_uid, iolog_gid));
-    ignore_result(fchmod(fd, iolog_filemode));
 
     /*
      * If there is no seq file in iolog_dir and a fallback dir was
@@ -398,7 +400,6 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
            }
            if (fd2 != -1) {
                ignore_result(fchown(fd2, iolog_uid, iolog_gid));
-               ignore_result(fchmod(fd2, iolog_filemode));
                nread = read(fd2, buf, sizeof(buf) - 1);
                if (nread > 0) {
                    if (buf[nread - 1] == '\n')
@@ -464,6 +465,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
     ret = true;
 
 done:
+    umask(omask);
     if (fd != -1)
        close(fd);
     debug_return_bool(ret);
@@ -524,7 +526,6 @@ open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress)
        }
        if (fd != -1) {
            ignore_result(fchown(fd, iolog_uid, iolog_gid));
-           ignore_result(fchmod(fd, iolog_filemode));
            (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
 #ifdef HAVE_ZLIB_H
            if (docompress)
@@ -767,7 +768,6 @@ write_info_log(char *pathbuf, size_t len, struct iolog_details *details,
        debug_return_bool(false);
     }
     ignore_result(fchown(fd, iolog_uid, iolog_gid));
-    ignore_result(fchmod(fd, iolog_filemode));
 
     fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)now->tv_sec,
        details->user ? details->user : "unknown", details->runas_pw->pw_name,
@@ -850,6 +850,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
     char * const *cur;
     const char *cp, *plugin_path = NULL;
     size_t len;
+    mode_t omask;
     int i, ret = -1;
     debug_decl(sudoers_io_open, SUDOERS_DEBUG_PLUGIN)
 
@@ -875,6 +876,10 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
            continue;
        }
     }
+
+    /* umask must not be more restrictive than the file modes. */
+    omask = umask(ACCESSPERMS & ~(iolog_filemode|iolog_dirmode));
+
     if (!sudoers_debug_register(plugin_path, &debug_files)) {
        ret = -1;
        goto done;
@@ -943,6 +948,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
     ret = true;
 
 done:
+    umask(omask);
     free(tofree);
     if (iolog_details.runas_pw)
        sudo_pw_delref(iolog_details.runas_pw);

diff --git a/plugins/sudoers/mkdir_parents.c b/plugins/sudoers/mkdir_parents.c
index 87db53f153fa5d4167e32f9437b9d406c48c4019..335a35704fb121bd2f6c5a91e13f8cffe3fdcbe1 100644 (file)
--- a/plugins/sudoers/mkdir_parents.c
+++ b/plugins/sudoers/mkdir_parents.c
@@ -53,7 +53,6 @@ sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet)
        if (mkdir(path, mode) == 0) {
            if (uid != (uid_t)-1 && gid != (gid_t)-1)
                ignore_result(chown(path, uid, gid));
-           ignore_result(chmod(path, mode));
        } else {
            if (errno != EEXIST) {
                if (!quiet)

diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c
index f3c7bf58e3253fb13f27ef0ea3a7acbb54858724..f0a21a5a35320c8b3d8e4c5a3b03d705221e7a7c 100644 (file)
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
@@ -154,8 +154,11 @@ ts_mkdirs(char *path, uid_t owner, gid_t group, mode_t mode,
     mode_t parent_mode, bool quiet)
 {
     bool ret;
+    mode_t omask;
     debug_decl(ts_mkdirs, SUDOERS_DEBUG_AUTH)
 
+    /* umask must not be more restrictive than the file modes. */
+    omask = umask(ACCESSPERMS & ~(mode|parent_mode));
     ret = sudo_mkdir_parents(path, owner, group, parent_mode, quiet); 
     if (ret) {
        /* Create final path component. */
@@ -170,6 +173,7 @@ ts_mkdirs(char *path, uid_t owner, gid_t group, mode_t mode,
            ignore_result(chown(path, owner, group));
        }
     }
+    umask(omask);
     debug_return_bool(ret);
 }