Do not create world-readable directories (#2161)

diff --git a/src/fs/ufs/UFSSwapDir.cc b/src/fs/ufs/UFSSwapDir.cc
index 243c187b5ef1217b4075386e822f0a970ed22570..403f71a4a667662681a665e4364fffef24918288 100644 (file)
--- a/src/fs/ufs/UFSSwapDir.cc
+++ b/src/fs/ufs/UFSSwapDir.cc
@@ -614,7 +614,7 @@ Fs::Ufs::UFSSwapDir::createDirectory(const char *aPath, int should_exist)
         } else {
             fatalf("Swap directory %s is not a directory.", aPath);
         }
-    } else if (0 == mkdir(aPath, 0755)) {
+    } else if (0 == mkdir(aPath, 0750)) {
         debugs(47, (should_exist ? DBG_IMPORTANT : 3), aPath << " created");
         created = 1;
     } else {
@@ -1338,7 +1338,7 @@ Fs::Ufs::UFSSwapDir::DirClean(int swap_index)
         int xerrno = errno;
         if (xerrno == ENOENT) {
             debugs(36, DBG_CRITICAL, MYNAME << "WARNING: Creating " << p1);
-            if (mkdir(p1.c_str(), 0777) == 0)
+            if (mkdir(p1.c_str(), 0750) == 0)
                 return 0;
         }
 

diff --git a/src/security/cert_generators/file/certificate_db.cc b/src/security/cert_generators/file/certificate_db.cc
index 339341aae26fc749c15a6a3b63af50fc7b9b50da..daca8d99c84f0e8c816d66a1c01077073719d511 100644 (file)
--- a/src/security/cert_generators/file/certificate_db.cc
+++ b/src/security/cert_generators/file/certificate_db.cc
@@ -371,10 +371,10 @@ Ssl::CertificateDb::Create(std::string const & db_path) {
     std::string cert_full(db_path + "/" + cert_dir);
     std::string size_full(db_path + "/" + size_file);
 
-    if (mkdir(db_path.c_str(), 0777))
+    if (mkdir(db_path.c_str(), 0750))
         throw TextException(ToSBuf("Cannot create ", db_path), Here());
 
-    if (mkdir(cert_full.c_str(), 0777))
+    if (mkdir(cert_full.c_str(), 0750))
         throw TextException(ToSBuf("Cannot create ", cert_full), Here());
 
     std::ofstream size(size_full.c_str());