From: Francis Dupont Date: Fri, 31 May 2024 22:47:11 +0000 (+0200) Subject: [#3050] Added Umask RAII and use it X-Git-Tag: Kea-2.7.1~59 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=84c437e30fe676a970b74e15401a1469fc829dce;p=thirdparty%2Fkea.git [#3050] Added Umask RAII and use it
---
diff --git a/src/lib/process/daemon.cc b/src/lib/process/daemon.cc
index e201f5e8a5..39786e28f8 100644
--- a/src/lib/process/daemon.cc
+++ b/src/lib/process/daemon.cc
@@ -231,6 +231,9 @@ Daemon::writeConfigFile(const std::string& config_file,
 isc_throw(Unexpected, "Can't write configuration: conversion to JSON failed");
 }
+ // Remove rights for other from the umask.
+ Umask mask(S_IRWXO);
+
 std::ofstream out(config_file, std::ios::trunc);
 if (!out.good()) {
 isc_throw(Unexpected, "Unable to open file " + config_file + " for writing");
diff --git a/src/lib/util/filesystem.cc b/src/lib/util/filesystem.cc
index 5571231562..cc0cc03d0c 100644
--- a/src/lib/util/filesystem.cc
+++ b/src/lib/util/filesystem.cc
@@ -19,7 +19,6 @@
 #include
 #include
-#include
 using namespace isc::util::str;
 using namespace std;
@@ -69,6 +68,14 @@ isFile(string const& path) {
 return ((statbuf.st_mode & S_IFMT) == S_IFREG);
 }
+Umask::Umask(mode_t mask) : orig_umask_(umask(S_IWGRP | S_IWOTH)) {
+ umask(orig_umask_ | mask);
+}
+
+Umask::~Umask() {
+ umask(orig_umask_);
+}
+
 Path::Path(string const& full_name) {
 if (!full_name.empty()) {
 bool dir_present = false;
diff --git a/src/lib/util/filesystem.h b/src/lib/util/filesystem.h
index 1f20003f39..0305fa4d1c 100644
--- a/src/lib/util/filesystem.h
+++ b/src/lib/util/filesystem.h
@@ -7,6 +7,7 @@
 #ifndef KEA_UTIL_FILESYSTEM_H
 #define KEA_UTIL_FILESYSTEM_H
+#include
 #include
 namespace isc {
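Review bot: In src/lib/process/daemon.cc the `Umask mask(S_IRWXO);` guard only influences the mode of a file that `std::ofstream` has to create; when `config_file` already exists, opening it with `std::ios::trunc` keeps whatever permission bits it had, so a configuration that was world-readable before the rewrite is still world-readable afterwards. If the goal is that a written configuration (which can carry credentials) is never accessible to others, the existing file's "other" bits need to be cleared explicitly once the open has succeeded, and the code should at least carry the comment `// umask applies only when the file is created; an existing file keeps its mode.` The guard also stays in effect for the rest of the enclosing scope, and writeConfigFile continues outside this hunk, so anything created later in the function inherits the tightened mask as well.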
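Review bot: In src/lib/util/filesystem.cc, `Umask::Umask` reads the current mask by calling `umask(S_IWGRP | S_IWOTH)`, so until the following `umask(orig_umask_ | mask)` runs the process mask is 022 even when the original was stricter (077, say). The umask is per-process, so a file created by another thread in that window, or at any time while a guard is alive, gets a mode its creator did not choose. There is no read-only query for the mask, so the window cannot be removed, but it can be made to fail closed by probing with `umask(S_IRWXG | S_IRWXO)` instead. A comment on the constructor such as `// umask is per-process, not per-thread: avoid while other threads may create files.` would record the constraint for callers.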
@@ -48,6 +49,23 @@ isDir(const std::string& path);
 bool isFile(const std::string& path);
+/// \brief RAII device to limit access of created files.
+struct Umask {
+ /// \brief Constructor
+ ///
+ /// Set wanted bits in umask.
+ Umask(mode_t mask);
+
+ /// \brief Destructor.
+ ///
+ /// Restore umask.
+ ~Umask();
+
+private:
+ /// \brief Original umask.
+ mode_t orig_umask_;
+};
+
 /// \brief Paths on a filesystem
 struct Path {
 /// \brief Constructor
diff --git a/src/lib/util/tests/filesystem_unittests.cc b/src/lib/util/tests/filesystem_unittests.cc
index 548070a35a..28d9513f1c 100644
--- a/src/lib/util/tests/filesystem_unittests.cc
+++ b/src/lib/util/tests/filesystem_unittests.cc
@@ -69,6 +69,18 @@ TEST_F(FileUtilTest, isFile) {
 EXPECT_FALSE(isFile(TEST_DATA_BUILDDIR));
 }
+/// @brief Check Umask.
+TEST_F(FileUtilTest, umask) {
+ // Protect the test itself assuming that Umask does what we expect...
+ Umask m0(0);
+ mode_t orig = umask(0);
+ {
+ Umask m(S_IROTH);
+ EXPECT_EQ(S_IROTH, umask(S_IRWXO));
+ }
+ EXPECT_EQ(0, umask(orig));
+}
+
 /// @brief Check that the components are split correctly.
 TEST(PathTest, components) {
 // Complete name
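Review bot: `struct Umask` in src/lib/util/filesystem.h is implicitly copyable and its one-argument constructor is not `explicit`, so a guard can be copied or created by an accidental conversion from an integer. Each copy restores `orig_umask_` in its own destructor, so the copy destroyed last silently overwrites whatever mask was set in between. Suggest `explicit Umask(mode_t mask);` together with `Umask(const Umask&) = delete;` and `Umask& operator=(const Umask&) = delete;`. The class comment should also say that the umask is process-wide and that nested guards must be destroyed in reverse order of construction, because the destructor restores a saved value rather than removing only the bits it added.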
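Review bot: The new `umask` test in src/lib/util/tests/filesystem_unittests.cc only exercises a starting mask of 0, so it would still pass if the constructor replaced the mask instead of OR-ing `mask` into the existing value. A case with a non-zero baseline, for example `umask(S_IWGRP); { Umask m(S_IROTH); EXPECT_EQ(S_IWGRP | S_IROTH, umask(0)); }`, would pin the behaviour that writeConfigFile depends on. A check that a file created while the guard is alive has none of the `S_IRWXO` bits set would cover the end result rather than only the mask value.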