pam_mkhomedir: call umask(2) and let the OS do the masking #129
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rather than chmod(2)ing everything that we create. This fixes a bug where the sgid bit from the parent directory was not inherited. We also try to preserve the permissions of the sub-directories from the skeleton directory.
t8m
requested changes
Jan 15, 2020
There was a problem hiding this comment.
If this changed code is accidentally run with umask set to allow others to write it will probably enable race condition attacks. Not that using such umask with pam_mkhomedir would not be security issue by itself. However I'd still prefer if we prevent such accident.
| @@ -26,21 +26,20 @@ | |||
| #include <security/pam_ext.h> | |||
| #include <security/pam_modutil.h> | |||
|
|
|||
| static unsigned long u_mask = 0022; | |||
There was a problem hiding this comment.
Please do not drop the 0022 default umask handling.
| errno = 0; | ||
| u_mask = strtoul(argv[2], &eptr, 0); | ||
| if (errno != 0 || *eptr != '\0') { | ||
| pam_syslog(NULL, LOG_ERR, "Bogus umask value %s", argv[2]); | ||
| return PAM_SESSION_ERR; | ||
| } | ||
|
|
||
| umask(u_mask); |
There was a problem hiding this comment.
Please call umask with the default 0022 value when the umask argument is not specified.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
rather than chmod(2)ing everything that we create. This fixes a bug
where the sgid bit from the parent directory was not inherited. We also
try to preserve the permissions of the sub-directories from the skeleton
directory.