bug-cfengine


From: Mark . Burgess
Subject: Re: VLOCKDIR changed to mode 755 in 2.0.4b1 (was: /var/cfengine temporarily set mode 755)
Date: Fri, 30 Aug 2002 15:23:52 +0200 (MET DST)

This is not a problem,
M

On 30 Aug, David J. Bianco wrote:
> I just wanted to point out that 2.0.4b1 has the same problem I noticed
> before in 2.0.3.  What are folks' opinions on this?  
> 
>       Thanks,
>         David
> 
> -----Forwarded Message-----
> 
> From: David J. Bianco <address@hidden>
> To: address@hidden
> Subject: /var/cfengine temporarily set mode 755
> Date: 12 Aug 2002 14:25:27 -0400
> 
> I found a small bug in init.c.  Line 87, in the function 
> CheckWorkDirectories(), contains the following code:
> 
> chmod(VLOCKDIR,(mode_t)0755); /* Locks must be immutable to others */
> 
> I found that whenever cfagent runs, my /var/cfengine directory is
> set to mode 755.  My update.conf file restricts this even further
> (to 700), so the permissions come back to normal after a few
> seconds, but I think that the code above is a bug in that it makes
> an assumption about what I want my directory's permissions to be.
> It also potentially allows a third party to browse my directory,
> at least for a few seconds.
> 
> I think the intent was to remove write permission from group and
> other, so I think the following code will solve the problem
> more easily:
> 
> 
> /* find the current permissions for VLOCKDIR, subtract group and other
>  * write bits, and set new mode to be the result.  Do this because
>  * locks must be immutable to others.
>  */
>  if (stat(VLOCKDIR,&statbuf) == 0) {
>    chmod(VLOCKDIR, (mode_t) (statbuf.st_mode & 0755));
>  } else {
>    chmod(VLOCKDIR,(mode_t)0755); 
>  }
>       
> This code actually looks up the current mode for /var/cfengine
> and then just subtracts the write bits for group and other.  
> I have tested this under RedHat Linux 7.3 (intel) but not on
> other platforms, though I believe it's pretty portable.
> 
>       David
> 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
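
The difference between the forced `chmod` and the masking approach quoted above, as an added example that is not part of the thread or of cfengine's source. The function names and the scratch path under `/tmp` are hypothetical; the masked variant also goes one step beyond the posted snippet by using `fstat`/`fchmod` on a single descriptor, so the mode that is read and the mode that is written belong to the same directory.

```c
#define _POSIX_C_SOURCE 200809L /* mkdtemp, O_DIRECTORY */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Behaviour of the quoted init.c line: force 0755 whatever the mode was. */
static int lockdir_force_0755(const char *dir)
{
    return chmod(dir, (mode_t)0755);
}

/* Masking approach from the message: keep the current bits and only drop
 * group/other write. Like the posted expression, the 0755 mask also clears
 * any setuid/setgid/sticky bits. */
static int lockdir_mask_0755(const char *dir)
{
    struct stat sb;
    int rc = -1;
    int fd = open(dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    if (fstat(fd, &sb) == 0)
        rc = fchmod(fd, sb.st_mode & 0755);
    close(fd);
    return rc;
}

/* Create a scratch directory with mode `start`, apply `fix`, and return the
 * resulting permission bits, or -1 on error. */
static int mode_after(mode_t start, int (*fix)(const char *))
{
    char path[] = "/tmp/vlockdemoXXXXXX"; /* constructed scratch path */
    struct stat sb;
    int result = -1;
    if (mkdtemp(path) == NULL) return -1;
    if (chmod(path, start) == 0 && fix(path) == 0 && stat(path, &sb) == 0)
        result = (int)(sb.st_mode & 07777);
    rmdir(path);
    return result;
}

int main(void)
{
    printf("0700 forced: %04o\n", (unsigned)mode_after(0700, lockdir_force_0755));
    printf("0700 masked: %04o\n", (unsigned)mode_after(0700, lockdir_mask_0755));
    printf("0777 masked: %04o\n", (unsigned)mode_after(0777, lockdir_mask_0755));
    return 0;
}
```

A directory restricted to 0700 is widened to 0755 by the forced call and left at 0700 by the masked one, while a 0777 directory is still tightened to 0755.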





