authorpjd <pjd@FreeBSD.org>2005-09-16 11:24:28 +0000
committerpjd <pjd@FreeBSD.org>2005-09-16 11:24:28 +0000
commitc71407b5890e69c4a1adc0e0936f0d7e9cd24be4 (patch)
treed2465334cbecfbd0881a19b190bef28772de14f5
parentd2f7ab28daf6bc7f93eb290728f89c7d713ca0ce (diff)
Pidfiles should be created with permissions that prevent users from opening
them for reading. When a user can open a file for reading, he can also flock(2) it, which can lead to confusion.

Pointed out by: green
-rw-r--r--lib/libutil/pidfile.32
-rw-r--r--usr.sbin/cron/cron/cron.c2
-rw-r--r--usr.sbin/inetd/inetd.c2
-rw-r--r--usr.sbin/mountd/mountd.c2
-rw-r--r--usr.sbin/moused/moused.c2
-rw-r--r--usr.sbin/watchdogd/watchdogd.c2
6 files changed, 6 insertions, 6 deletions
diff --git a/lib/libutil/pidfile.3 b/lib/libutil/pidfile.3
index 4ae7067..81ccab1 100644
--- a/lib/libutil/pidfile.3
+++ b/lib/libutil/pidfile.3
@@ -100,7 +100,7 @@ The following example shows in which order those functions should be used.
struct pidfh *pfh;
pid_t otherpid, childpid;
-pfh = pidfile_open("/var/run/daemon.pid", 0644, &otherpid);
+pfh = pidfile_open("/var/run/daemon.pid", 0600, &otherpid);
if (pfh == NULL) {
if (errno == EEXIST)
errx(EXIT_FAILURE, "Daemon already running, pid: %d.", otherpid);
diff --git a/usr.sbin/cron/cron/cron.c b/usr.sbin/cron/cron/cron.c
index f092fae..3ebdcf2 100644
--- a/usr.sbin/cron/cron/cron.c
+++ b/usr.sbin/cron/cron/cron.c
@@ -72,7 +72,7 @@ open_pidfile(void)
int otherpid;
(void) snprintf(pidfile, sizeof(pidfile), PIDFILE, PIDDIR);
- pfh = pidfile_open(pidfile, 0644, &otherpid);
+ pfh = pidfile_open(pidfile, 0600, &otherpid);
if (pfh == NULL) {
if (errno == EEXIST) {
snprintf(buf, sizeof(buf),
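Review bot: The 0600 passed to pidfile_open() at this call presumably applies only when the pidfile is created, so a file left at 0644 by an earlier binary or an unclean exit would stay readable, and therefore flock(2)-able, by any user. pidfile_open() itself is not part of this diff; confirm whether it tightens an existing file's mode, and if not, an fchmod(2) on the descriptor after the open would close the gap for every caller, including the calls changed in inetd.c, mountd.c, moused.c and watchdogd.c. A call-site comment such as `/* 0600: anyone who can open the pidfile can flock(2) it */` would also keep the mode from being relaxed later. Separately, `int otherpid;` in the context above is passed where the manual page example uses `pid_t`; `pid_t otherpid;` would match. open_pidfile() starts and ends outside the hunk.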
diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c
index 4d41e81..e5f7365 100644
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@@ -467,7 +467,7 @@ main(int argc, char **argv)
if (debug == 0) {
pid_t otherpid;
- pfh = pidfile_open(pid_file, 0644, &otherpid);
+ pfh = pidfile_open(pid_file, 0600, &otherpid);
if (pfh == NULL) {
if (errno == EEXIST) {
syslog(LOG_ERR, "%s already running, pid: %d",
diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c
index e557b59..52ccc57 100644
--- a/usr.sbin/mountd/mountd.c
+++ b/usr.sbin/mountd/mountd.c
@@ -275,7 +275,7 @@ main(argc, argv)
udp6sock = tcp6sock = 0;
/* Check that another mountd isn't already running. */
- pfh = pidfile_open(_PATH_MOUNTDPID, 0644, &otherpid);
+ pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid);
if (pfh == NULL) {
if (errno == EEXIST)
errx(1, "mountd already running, pid: %d.", otherpid);
diff --git a/usr.sbin/moused/moused.c b/usr.sbin/moused/moused.c
index 9fa5145..39efac1 100644
--- a/usr.sbin/moused/moused.c
+++ b/usr.sbin/moused/moused.c
@@ -918,7 +918,7 @@ moused(void)
logerr(1, "cannot open /dev/consolectl");
if (!nodaemon && !background) {
- pfh = pidfile_open(pidfile, 0644, &mpid);
+ pfh = pidfile_open(pidfile, 0600, &mpid);
if (pfh == NULL) {
if (errno == EEXIST)
logerrx(1, "moused already running, pid: %d", mpid);
diff --git a/usr.sbin/watchdogd/watchdogd.c b/usr.sbin/watchdogd/watchdogd.c
index d8ab361..8d084c7 100644
--- a/usr.sbin/watchdogd/watchdogd.c
+++ b/usr.sbin/watchdogd/watchdogd.c
@@ -97,7 +97,7 @@ main(int argc, char *argv[])
if (watchdog_onoff(1) == -1)
exit(EX_SOFTWARE);
- pfh = pidfile_open(pidfile, 0644, &otherpid);
+ pfh = pidfile_open(pidfile, 0600, &otherpid);
if (pfh == NULL) {
if (errno == EEXIST) {
errx(EX_SOFTWARE, "%s already running, pid: %d",