aboutsummaryrefslogtreecommitdiff
path: root/qga/main.c
diff options
context:
space:
mode:
authorLaszlo Ersek <lersek@redhat.com>2013-04-24 13:13:18 +0200
committerAnthony Liguori <aliguori@us.ibm.com>2013-05-07 06:46:26 -0500
commitc689b4f1bac352dcfd6ecb9a1d45337de0f1de67 (patch)
treee9432502391143692a6400bf888b0ecbc52ea7fc /qga/main.c
parentd7108d90100d5bac5965abef5ed73f2602adae14 (diff)
qga: set umask 0077 when daemonizing (CVE-2013-2007)
The qemu guest agent creates a bunch of files with insecure permissions when started in daemon mode. For example: -rw-rw-rw- 1 root root /var/log/qemu-ga.log -rw-rw-rw- 1 root root /var/run/qga.state -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log In addition, at least all files created with the "guest-file-open" QMP command, and all files created with shell output redirection (or otherwise) by utilities invoked by the fsfreeze hook script are affected. For now mask all file mode bits for "group" and "others" in become_daemon(). Temporarily, for compatibility reasons, stick with the 0666 file-mode in case of files newly created by the "guest-file-open" QMP call. Do so without changing the umask temporarily. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'qga/main.c')
-rw-r--r--qga/main.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/qga/main.c b/qga/main.c
index 1841759db2..44a283686b 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -478,7 +478,7 @@ static void become_daemon(const char *pidfile)
}
}
- umask(0);
+ umask(S_IRWXG | S_IRWXO);
sid = setsid();
if (sid < 0) {
goto fail;