You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/04/20 02:37:34 UTC

[Bug 3283] New: broken handling of umask

http://bugzilla.spamassassin.org/show_bug.cgi?id=3283

           Summary: broken handling of umask
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Libraries
        AssignedTo: spamassassin-dev@incubator.apache.org
        ReportedBy: alex-spamassassin@gossamer-threads.com


There are a number of places umask is used incorectly, or not set back properly.
Here's two places I found:

Index: lib/Mail/SpamAssassin/Locker/Unix.pm
===================================================================
--- lib/Mail/SpamAssassin/Locker/Unix.pm        (revision 10111)
+++ lib/Mail/SpamAssassin/Locker/Unix.pm        (working copy)
@@ -60,7 +60,7 @@
   my $lock_tmp = Mail::SpamAssassin::Util::untaint_file_path
                                        ("$path.lock.$hname.$$");
 
-  my $umask = 077;
+  my $umask = umask 077;
   if (!open(LTMP, ">$lock_tmp")) {
       umask $umask;
       die "lock: $$ cannot create tmp lockfile $lock_tmp for $lock_file: $!\n";

and:

Index: lib/Mail/SpamAssassin/Util.pm
===================================================================
--- lib/Mail/SpamAssassin/Util.pm       (revision 10111)
+++ lib/Mail/SpamAssassin/Util.pm       (working copy)
@@ -677,7 +677,6 @@
   }
 
   my $reportfile;
-  my $umask = 0;
   do {
     # we do not rely on the obscurity of this name for security...
     # we use a average-quality PRG since this is all we need
@@ -700,7 +699,6 @@
     # ...rather, we require O_EXCL|O_CREAT to guarantee us proper
     # ownership of our file; read the open(2) man page.
   } while (! sysopen (TMPFILE, $reportfile, O_RDWR|O_CREAT|O_EXCL, 0600));
-  umask $umask;
 
   return ($reportfile, \*TMPFILE);
 }

Version 2.63 also has several places that set umask to 0, but never set it back
(which results in leaving permissions wide open on an app that uses spamassassin).



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.