[PATCH] Re-add umask(0) code removed by commit 3a7c2777ee0de37d758fe81d67d6836a8354825e

Andrew Bartlett abartlet at samba.org
Tue Jun 18 01:58:16 MDT 2013

On Tue, 2013-06-18 at 09:16 +0200, Andreas Schneider wrote:
> On Monday 17 June 2013 17:10:37 Jeremy Allison wrote:
> > Fix bug introduced by commit 3a7c2777ee0de37d758fe81d67d6836a8354825e.
> > 
> > Re-add umask(0) needed when creating pipes. Directory access
> > control is sufficient to ensure pipe access is secure, and
> > without the umask(0) then properly authorized processes
> > (the nss libraries) cannot connect.
> > 
> > This took far longer than it should have to track down at
> > the Microsoft interop event :-).
> Following the codepath of directory_create_or_exist_strict() I see that this 
> function correctly sets the umask. So I don't see a reason beside making sure 
> that if someone calls another function than directory_create_or_exist_strict() 
> umask is set ...

Perhaps Jermey's patch is just over-broad, whereas it should have set it
only over the socket() call?

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list