Security fix on DLT pipes.

[profile/ivi/dlt-daemon.git] / src / lib / dlt_user.c

diff --git a/src/lib/dlt_user.c b/src/lib/dlt_user.c
index e4368f7..867031c 100644 (file)
--- a/src/lib/dlt_user.c
+++ b/src/lib/dlt_user.c
@@ -182,7 +182,7 @@ int dlt_init(void)
     /* Try to delete existing pipe, ignore result of unlink */
     unlink(filename);
     
-    ret=mkfifo(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH  | S_IWOTH );
+    ret=mkfifo(filename, S_IRUSR | S_IWUSR | S_IWGRP | S_IRGRP );
     if (ret==-1)
     {
         sprintf(str,"Loging disabled, FIFO user %s cannot be created!\n",filename);
@@ -190,6 +190,15 @@ int dlt_init(void)
         /* return 0; */ /* removed to prevent error, when FIFO already exists */
     }
 
+    // S_IWGRP cannot be set by mkfifo (???), let's reassign right bits
+    ret=chmod(filename, S_IRUSR | S_IWUSR | S_IWGRP | S_IRGRP );
+    if (ret==-1)
+    {
+        sprintf(str,"FIFO user %s cannot be chmoded!\n", DLT_USER_DIR);
+        dlt_log(LOG_ERR, str);
+        return -1;
+    }
+
     dlt_user.dlt_user_handle = open(filename, O_RDWR | O_CLOEXEC);
     if (dlt_user.dlt_user_handle == DLT_FD_INIT)
     {