From c71407b5890e69c4a1adc0e0936f0d7e9cd24be4 Mon Sep 17 00:00:00 2001
From: pjd
Date: Fri, 16 Sep 2005 11:24:28 +0000
Subject: Pidfiles should be created with permission preventing users from opening them for reading. When user can open file for reading, he can also flock(2) it, which can lead to confusions.
Pointed out by: green
---
 lib/libutil/pidfile.3 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/libutil')
diff --git a/lib/libutil/pidfile.3 b/lib/libutil/pidfile.3
index 4ae7067..81ccab1 100644
--- a/lib/libutil/pidfile.3
+++ b/lib/libutil/pidfile.3
@@ -100,7 +100,7 @@ The following example shows in which order those functions should be used.
 struct pidfh *pfh;
 pid_t otherpid, childpid;
-pfh = pidfile_open("/var/run/daemon.pid", 0644, &otherpid);
+pfh = pidfile_open("/var/run/daemon.pid", 0600, &otherpid);
 if (pfh == NULL) {
 if (errno == EEXIST)
 errx(EXIT_FAILURE, "Daemon already running, pid: %d.", otherpid);
-- 
cgit v1.1