From 5af437fe9c99198287eadbc877cef2a0c3202a3c Mon Sep 17 00:00:00 2001
From: Robert de Bath
Date: Sun, 17 Jan 2016 08:31:15 +0000
Subject: Avoid permission race condition when dtach socket is created
Use umask(077) to avoid a race condition between the creation of the dtach socket and the chmod system call on the socket. This race condition can potentially be exploited when the dtach socket is created in a directory such as /tmp.
(cherry picked from commit b71dfb2e2c02dfe14738781214a5734d63eeb772)
---
 master.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/master.c b/master.c
index 5c053e0..376bd54 100644
--- a/master.c
+++ b/master.c
@@ -183,6 +183,7 @@ create_socket(char *name)
 {
 int s;
 struct sockaddr_un sockun;
+ mode_t omask;
 if (strlen(name) > sizeof(sockun.sun_path) - 1)
 {
@@ -190,7 +191,9 @@ create_socket(char *name)
 return -1;
 }
+ omask = umask(077);
 s = socket(PF_UNIX, SOCK_STREAM, 0);
+ umask(omask); /* umask always succeeds, errno is untouched. */
 if (s < 0)
 return -1;
 sockun.sun_family = AF_UNIX;
--
cgit v1.2.3
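Review bot: In the second hunk the `umask(077)` window is closed again before anything is created on the filesystem. `socket()` only allocates a descriptor; the pathname node that the later chmod protects is created by `bind()`, which is not in this hunk and presumably follows the `sockun` setup. As written, the node would still be created under the caller's original umask, so the race described in the commit message looks unchanged. Keep `omask = umask(077);` where it is, but move `umask(omask);` to just after the `bind()` call and also restore it on the `s < 0` and bind-failure return paths. The body of create_socket continues past the end of the hunk, so the exact placement should be checked against the full function.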