crash-manager, service: Set a restrictive umask

Setting such a mask will make any files created on ocassion (such as
temporary files) unreadable by others.

Change-Id: I6843a49cb123a663effb1ab99e8118e968786624

diff --git a/include/defs.h.in b/include/defs.h.in
index a3196cf..8c0760a 100644 (file)
--- a/include/defs.h.in
+++ b/include/defs.h.in
@@ -2,6 +2,7 @@
 #define __DEFS_H__
 
 #define KERNEL_DEFINED_TASK_COMM_LEN 16 // from include/linux/sched.h
+#define DEFAULT_UMASK                0077
 
 #define CRASH_PATH                     "@CRASH_PATH@"
 #define CRASH_ROOT_PATH                        "@CRASH_ROOT_PATH@"

diff --git a/src/crash-manager/main.c b/src/crash-manager/main.c
index 0860b0b..07324d9 100644 (file)
--- a/src/crash-manager/main.c
+++ b/src/crash-manager/main.c
@@ -6,6 +6,7 @@
 #include <sys/capability.h>
 #include <sys/prctl.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <unistd.h>
 
 #include "shared/log.h"
@@ -281,6 +282,9 @@ int main(int argc, char *argv[])
 {
        int res;
 
+       /* Have consinsent umask across invocations - from shell, crash-service, kernel */
+       umask(DEFAULT_UMASK);
+
        if (!drop_privileges(USER_NAME)) {
                res = EXIT_FAILURE;
                goto exit;

diff --git a/src/crash-service/crash-service.c b/src/crash-service/crash-service.c
index 655e080..e156653 100644 (file)
--- a/src/crash-service/crash-service.c
+++ b/src/crash-service/crash-service.c
@@ -22,6 +22,7 @@
 #include <stdbool.h>
 #include <stdlib.h>
 #include <sys/select.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
@@ -463,6 +464,9 @@ static bool dbus_init(void)
 
 int main(void)
 {
+       /* Have consinsent umask across invocations - from shell, crash-service, kernel */
+       umask(DEFAULT_UMASK);
+
        if (!have_livecoredumper()) {
                _E("livecoredumper not available - can not provide livedump API. Terminating.\n");
                return EXIT_FAILURE;