From 260963a354d972201ffe9a6ce882f1c0e9b319d9 Mon Sep 17 00:00:00 2001
|
|
From: Jaroslav Jindrak <dzejrou@gmail.com>
|
|
Date: Sat, 23 Dec 2023 21:41:54 +0100
|
|
Subject: [PATCH 1/2] shim: Create pid-file with 0644 permissions
|
|
|
|
Fixes ae7021300
|
|
|
|
In ae7021300 the WritePidFile and WriteAddress functions were
|
|
changed to use AtomicFile instead of os.CreateFile. However,
|
|
AtomicFile creates a temporary file and then changes its permissions
|
|
with os.Chmod which alters the previously observed behavior of
|
|
os.CreateFile which takes the system's umask into account.
|
|
|
|
This means that on Linux-based systems these files suddenly
|
|
became world writable (#9363). The address file has since been
|
|
removed, but pid-file was still created as world writable. This
|
|
commit explicitly requests 0644 permissions as even on systems
|
|
without default umask of 0022 there is no reason to have these
|
|
two files world writable.
|
|
|
|
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
|
|
(cherry picked from commit 9d328410a5c7bab106fe81cd37a36e4534ce9205)
|
|
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
|
|
---
|
|
runtime/v2/shim/util.go | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/runtime/v2/shim/util.go b/runtime/v2/shim/util.go
|
|
index fce1318a63ad..3740d87dbf8a 100644
|
|
--- a/runtime/v2/shim/util.go
|
|
+++ b/runtime/v2/shim/util.go
|
|
@@ -126,7 +126,7 @@ func WritePidFile(path string, pid int) error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
- f, err := atomicfile.New(path, 0o666)
|
|
+ f, err := atomicfile.New(path, 0o644)
|
|
if err != nil {
|
|
return err
|
|
}
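Review bot: The hard-coded `0o644` in `atomicfile.New(path, 0o644)` clears the world-writable bit, but going by the commit description the mode is applied with chmod, so the process umask still has no effect on it. A host running with a stricter umask such as 0077 would have got 0600 from the earlier umask-aware create path and now gets a group- and world-readable pid-file; the same applies to the WriteAddress hunk in patch 2/2. If honouring the umask matters, the mode would have to be masked explicitly before the call; otherwise a comment on this line such as `// mode is set via chmod and is not filtered by umask; never include group/world write bits` would record the intent. WritePidFile starts above and continues below the hunk, so how the file is written and closed is not visible here.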
|
|
|
|
From 8d82242eb525f87b91bbc2c2499559855dd363cf Mon Sep 17 00:00:00 2001
|
|
From: Jaroslav Jindrak <dzejrou@gmail.com>
|
|
Date: Sat, 23 Dec 2023 21:46:12 +0100
|
|
Subject: [PATCH 2/2] shim: Create address file with 0644 permissions
|
|
|
|
Fixes ae70213
|
|
|
|
In ae70213 the WritePidFile and WriteAddress functions were
|
|
changed to use AtomicFile instead of os.CreateFile. However,
|
|
AtomicFile creates a temporary file and then changes its permissions
|
|
with os.Chmod which alters the previously observed behavior of
|
|
os.CreateFile which takes the system's umask into account.
|
|
|
|
This means that on Linux-based systems these files suddenly
|
|
became world writable (#9363).
|
|
|
|
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
|
|
---
|
|
runtime/v2/shim/util.go | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/runtime/v2/shim/util.go b/runtime/v2/shim/util.go
|
|
index 3740d87dbf8a..e8cfeec077c5 100644
|
|
--- a/runtime/v2/shim/util.go
|
|
+++ b/runtime/v2/shim/util.go
|
|
@@ -144,7 +144,7 @@ func WriteAddress(path, address string) error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
- f, err := atomicfile.New(path, 0o666)
|
|
+ f, err := atomicfile.New(path, 0o644)
|
|
if err != nil {
|
|
return err
|
|
}
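Review bot: Neither patch adds a test that pins the resulting file mode, and the diffstat touches only util.go, so the regression described in the message (#9363) could return if the mode literal or atomicfile's chmod behaviour changes again. A small test that calls WriteAddress and WritePidFile in a temporary directory and asserts `info.Mode().Perm()&0o022 == 0` would cover both call sites. The address file may also warrant a tighter mode than the pid-file if only the owning user needs to read it; that cannot be judged from this hunk, because WriteAddress begins and ends outside it and its readers are not shown.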
|