[PATCH] Re-add umask(0) code removed by commit 3a7c2777ee0de37d758fe81d67d6836a8354825e
Jeremy Allison
jra at samba.org
Tue Jun 18 10:23:10 MDT 2013
On Tue, Jun 18, 2013 at 02:14:58PM +0200, Andreas Schneider wrote:
> On Tuesday 18 June 2013 17:58:16 Andrew Bartlett wrote:
> > On Tue, 2013-06-18 at 09:16 +0200, Andreas Schneider wrote:
> > > On Monday 17 June 2013 17:10:37 Jeremy Allison wrote:
> > > > Fix bug introduced by commit 3a7c2777ee0de37d758fe81d67d6836a8354825e.
> > > >
> > > > Re-add umask(0) needed when creating pipes. Directory access
> > > > control is sufficient to ensure pipe access is secure, and
> > > > without the umask(0) then properly authorized processes
> > > > (the nss libraries) cannot connect.
> > > >
> > > > This took far longer than it should have to track down at
> > > > the Microsoft interop event :-).
> > >
> > > Following the codepath of directory_create_or_exist_strict() I see that
> > > this function correctly sets the umask. So I don't see a reason beside
> > > making sure that if someone calls another function than
> > > directory_create_or_exist_strict() umask is set ...
> >
> > Perhaps Jermey's patch is just over-broad, whereas it should have set it
> > only over the socket() call?
>
> Yes, than it would be clear it is only for the socket call.
I'm actually planning to add a patch that sets umask(0)
for both nmbd and winbindd at startup (which currently
are missing it, smbd already does this) so that'll fix
it overall :-).
But first things first...
Jeremy
More information about the samba-technical
mailing list