mdmon: ensure Unix domain socket is created with safe permissions.

In the unlikely case that mdmon is started with an overly
permissive umask, we don't want to risk giving away world acccess.

All other "mkdir" and  "O_CREAT" calls in mdmon and mdadm set
a suitably restrictive permission mask.  'bind' don't take an
explicit mask so it needs an implicit one.

Reported-by: Vincent Berg <vberg@ioactive.com>
Signed-off-by: NeilBrown <neilb@suse.de>

diff --git a/mdmon.c b/mdmon.c
index b84d4d9520485c04e55e7ebaccc844e0e81f2f67..21221cd619999a5ed1da5c25746aae0fa2983aaa 100644 (file)
--- a/mdmon.c
+++ b/mdmon.c
@@ -232,6 +232,7 @@ static int make_control_sock(char *devname)
 
        addr.sun_family = PF_LOCAL;
        strcpy(addr.sun_path, path);
+       umask(077); /* ensure no world write access */
        if (bind(sfd, &addr, sizeof(addr)) < 0) {
                close(sfd);
                return -1;