Avoid permission race condition when dtach socket is created

Use umask(077) to avoid a race condition between the creation of the dtach socket and the chmod system call on the socket. This race condition can potentially be exploited when the dtach socket is created in a directory such as /tmp. (cherry picked from commit b71dfb2e2c02dfe14738781214a5734d63eeb772)
author: Robert de Bath <rdebath@tvisiontech.co.uk> 2016-01-17 08:31:15 +0000
committer: Ned T. Crigler <crigler@gmail.com> 2025-06-17 08:15:03 -0700
commit: 5af437fe9c99198287eadbc877cef2a0c3202a3c (patch)
tree: dd944f014247fe788b3d1783deb687b7ae8aeb0a /master.c
parent: c0d6ac74247c90b9a0e08aa066b3037430b7edce (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/master.c b/master.c
index 5c053e0..376bd54 100644
--- a/master.c
+++ b/master.c
@@ -183,6 +183,7 @@ create_socket(char *name)
 {
 	int s;
 	struct sockaddr_un sockun;
+	mode_t omask;
 
 	if (strlen(name) > sizeof(sockun.sun_path) - 1)
 	{
@@ -190,7 +191,9 @@ create_socket(char *name)
 		return -1;
 	}
 
+	omask = umask(077);
 	s = socket(PF_UNIX, SOCK_STREAM, 0);
+	umask(omask);	/* umask always succeeds, errno is untouched. */
 	if (s < 0)
 		return -1;
 	sockun.sun_family = AF_UNIX;
author	Robert de Bath <rdebath@tvisiontech.co.uk>	2016-01-17 08:31:15 +0000
committer	Ned T. Crigler <crigler@gmail.com>	2025-06-17 08:15:03 -0700
commit	5af437fe9c99198287eadbc877cef2a0c3202a3c (patch)
tree	dd944f014247fe788b3d1783deb687b7ae8aeb0a /master.c
parent	c0d6ac74247c90b9a0e08aa066b3037430b7edce (diff)