[PATCH] Re-add umask(0) code removed by commit 3a7c2777ee0de37d758fe81d67d6836a8354825e
abartlet at samba.org
Tue Jun 18 01:58:16 MDT 2013
On Tue, 2013-06-18 at 09:16 +0200, Andreas Schneider wrote:
> On Monday 17 June 2013 17:10:37 Jeremy Allison wrote:
> > Fix bug introduced by commit 3a7c2777ee0de37d758fe81d67d6836a8354825e.
> > Re-add umask(0) needed when creating pipes. Directory access
> > control is sufficient to ensure pipe access is secure, and
> > without the umask(0) then properly authorized processes
> > (the nss libraries) cannot connect.
> > This took far longer than it should have to track down at
> > the Microsoft interop event :-).
> Following the codepath of directory_create_or_exist_strict() I see that this
> function correctly sets the umask. So I don't see a reason beside making sure
> that if someone calls another function than directory_create_or_exist_strict()
> umask is set ...
Perhaps Jermey's patch is just over-broad, whereas it should have set it
only over the socket() call?
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical