Mailing List Archive

[Bug 3283] New: broken handling of umask
http://bugzilla.spamassassin.org/show_bug.cgi?id=3283

Summary: broken handling of umask
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P3
Component: Libraries
AssignedTo: spamassassin-dev@incubator.apache.org
ReportedBy: alex-spamassassin@gossamer-threads.com


There are a number of places umask is used incorrectly, or not set back properly.
Here are two places I found:

Index: lib/Mail/SpamAssassin/Locker/Unix.pm
===================================================================
--- lib/Mail/SpamAssassin/Locker/Unix.pm (revision 10111)
+++ lib/Mail/SpamAssassin/Locker/Unix.pm (working copy)
@@ -60,7 +60,7 @@
my $lock_tmp = Mail::SpamAssassin::Util::untaint_file_path
("$path.lock.$hname.$$");

- my $umask = 077;
+ my $umask = umask 077;
if (!open(LTMP, ">$lock_tmp")) {
umask $umask;
die "lock: $$ cannot create tmp lockfile $lock_tmp for $lock_file: $!\n";
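
Review bot: the restore `umask $umask;` is visible only on the failed-open branch of this hunk, so the success path needs checking. Now that `umask 077` actually takes effect, any exit from this function that skips the restore leaves the calling process at 077. Consider restoring immediately after the `open` call and before testing its result, so one `umask $umask;` covers both branches. Before this change `$umask` held the literal 077, so the failure branch was setting the mask rather than restoring it; a short comment that `umask` returns the previous value would make the intent clear.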

and:

Index: lib/Mail/SpamAssassin/Util.pm
===================================================================
--- lib/Mail/SpamAssassin/Util.pm (revision 10111)
+++ lib/Mail/SpamAssassin/Util.pm (working copy)
@@ -677,7 +677,6 @@
}

my $reportfile;
- my $umask = 0;
do {
# we do not rely on the obscurity of this name for security...
# we use a average-quality PRG since this is all we need
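
Review bot: the removed `my $umask = 0;` held a literal 0 and never called `umask`, so nothing was being saved at this point. Dropping it is correct, but it is only safe together with the removal of `umask $umask;` after the loop in the next hunk. Keep the two removals in the same commit so the later line is never left referring to an undeclared variable.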
@@ -700,7 +699,6 @@
# ...rather, we require O_EXCL|O_CREAT to guarantee us proper
# ownership of our file; read the open(2) man page.
} while (! sysopen (TMPFILE, $reportfile, O_RDWR|O_CREAT|O_EXCL, 0600));
- umask $umask;

return ($reportfile, \*TMPFILE);
}
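
Review bot: after the `sysopen` loop, the file's permissions now rest only on the `0600` mode argument together with `O_CREAT|O_EXCL`, and that deserves a one-line comment saying the caller's umask is deliberately left untouched, so nobody reintroduces umask handling here. Given the `my $umask = 0;` removed in the previous hunk, the deleted `umask $umask;` was setting the process mask to 0 on return, so removing it is the right fix. Separately, the loop condition in the lines shown retries on any `sysopen` failure; if the elided loop body has no retry limit, consider checking `$!` for EEXIST before looping again.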

Version 2.63 also has several places that set umask to 0, but never set it back
(which results in leaving permissions wide open on an app that uses spamassassin).



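
The effect described in the report's last paragraph, shown as an added example that is not part of the original bug report or SpamAssassin's code: a library routine that sets the umask to 0 without restoring it changes the mode of files the host application creates afterwards, while a save-and-restore routine does not. `leaky_helper`, `careful_helper` and `app_creates_file` are hypothetical names, and the 022 application umask is an assumption.

```perl
#!/usr/bin/perl
# Added example (hypothetical helpers, not SpamAssassin code): how an
# unrestored umask(0) in a library call affects the calling application.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

my $dir = tempdir(CLEANUP => 1);

# Sets the process umask to 0 and never puts it back.
sub leaky_helper {
    umask 0;
    return;
}

# Saves the caller's umask, tightens it for its own file, and restores it
# before returning or dying.
sub careful_helper {
    my ($path) = @_;
    my $old = umask 077;            # umask() returns the previous mask
    my $ok  = sysopen(my $fh, $path, O_WRONLY|O_CREAT|O_EXCL, 0600);
    my $err = $!;
    umask $old;                     # restore on both success and failure
    die "cannot create $path: $err\n" unless $ok;
    close $fh;
    return;
}

# The host application creates a file the usual way (0666 & ~umask)
# and reports the resulting permission bits.
sub app_creates_file {
    my ($name) = @_;
    my $path = "$dir/$name";
    open(my $fh, '>', $path) or die "open $path: $!\n";
    close $fh;
    return (stat $path)[2] & 07777;
}

umask 022;                          # the application's own policy (assumed)
careful_helper("$dir/lock.tmp");
printf "after careful_helper: umask=%03o app file mode=%04o\n",
    umask(), app_creates_file('a.out');

leaky_helper();
printf "after leaky_helper:   umask=%03o app file mode=%04o\n",
    umask(), app_creates_file('b.out');
```

The second file comes out world-writable because the process umask is shared state: the library's change outlives the call that made it.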