From: Oliver Kurth <okurth@vmware.com>
Date: Tue, 29 Jan 2019 22:03:18 +0000 (-0800)
Subject: Deploypkg log files of linux should not be world readable.
X-Git-Tag: stable-10.3.10~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f3630e77bcf647c22c40093bb37500f3032e578;p=thirdparty%2Fopen-vm-tools.git

Deploypkg log files of linux should not be world readable.
---

diff --git a/open-vm-tools/services/plugins/deployPkg/deployPkgLog.c b/open-vm-tools/services/plugins/deployPkg/deployPkgLog.c
index b0990e6c2..2eabd702e 100644
--- a/open-vm-tools/services/plugins/deployPkg/deployPkgLog.c
+++ b/open-vm-tools/services/plugins/deployPkg/deployPkgLog.c
@@ -30,6 +30,7 @@
 #include "vmware/tools/utils.h"
 
 #include <stdio.h>
+#include <sys/stat.h>
 
 #ifdef _WIN32
 #include <windows.h>
@@ -43,8 +44,9 @@ static FILE* _file = NULL;
  *
  * DeployPkgLog_Open --
  *
- *    Init the log. Creates a file in %temp%/vmware and 
- *    opens it for writing. On error, the file will not be opened and logging
+ *    Init the log. Creates a file in %temp%/vmware and
+ *    opens it for writing. On linux, only root own r/w right.
+ *    On error, the file will not be opened and logging
  *    will be disabled.
  *
  * Results:
@@ -67,7 +69,7 @@ DeployPkgLog_Open()
    if (ret == 0) {
       return;
    }
-   
+
    Str_Strcat(logPath, "vmware-imc", sizeof logPath);
 #else
    Str_Strcpy(logPath, "/var/log/vmware-imc", sizeof logPath);
@@ -79,6 +81,7 @@ DeployPkgLog_Open()
       if (_file != NULL) {
 #ifndef _WIN32
          setlinebuf(_file);
+         (void) chmod(logPath, 0600);
 #endif
          DeployPkgLog_Log(log_debug, "## Starting deploy pkg operation");
       }