Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(180)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: main.cc

Issue 3495002: [update_engine] Fix file creation mask to be 0600 (Closed) Base URL: http://git.chromium.org/git/update_engine.git
Patch Set: Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « file_writer.h ('k') | split_file_writer.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: main.cc
diff --git a/main.cc b/main.cc
index f027033a52172014d4564a6f3d1a2c9ded9682b1..daa5eda97c0949dd7a156bd363f376db0991da2f 100644
--- a/main.cc
+++ b/main.cc
@@ -13,6 +13,8 @@
#include <gflags/gflags.h>
#include <glib.h>
#include <metrics/metrics_library.h>
+#include <sys/types.h>
adlr 2010/09/23 19:16:06 the order of includes is: corresponding .h, if ap
+#include <sys/stat.h>
#include "update_engine/dbus_constants.h"
#include "update_engine/dbus_service.h"
@@ -105,6 +107,12 @@ int main(int argc, char** argv) {
LOG(INFO) << "Chrome OS Update Engine starting";
+ // Ensure that all written files have safe permissions.
+ // This is a mask, so we _block_ execute for the owner, and ALL
+ // permissions for other users.
+ // Done _after_ log file creation.
+ umask(S_IXUSR | S_IRWXG | S_IRWXO);
+
// Create the single GMainLoop
GMainLoop* loop = g_main_loop_new(g_main_context_default(), FALSE);
« no previous file with comments | « file_writer.h ('k') | split_file_writer.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698