]> git.ipfire.org Git - thirdparty/tor.git/commitdiff
projects / thirdparty / tor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 99ec44d)
Create logfiles in mode 0640
authorNick Mathewson <nickm@torproject.org>
Tue, 14 Mar 2017 15:36:53 +0000 (11:36 -0400)
committerNick Mathewson <nickm@torproject.org>
Tue, 14 Mar 2017 15:36:53 +0000 (11:36 -0400)
Patch from toralf; closes 21729.

changes/ticket21729 [new file with mode: 0644] patch | blob
src/common/log.c patch | blob | blame | history

diff --git a/changes/ticket21729 b/changes/ticket21729
new file mode 100644 (file)
index 0000000..51d1173
--- /dev/null
+++ b/changes/ticket21729
@@ -0,0 +1,7 @@
+  o Minor features (logging):
+    - Log files are no longer created world-readable by default.
+      (Previously, most distributors would store the logs in a
+      non-world-readable location to prevent inappropriate access. This
+      change is an extra precaution.)  Closes ticket 21729; patch from
+      toralf.
+
diff --git a/src/common/log.c b/src/common/log.c
index 5f7151bf0ccf04468e12afd03a1f8e2f30f6c058..f679336a9073f64e900dede247fb9111f25fd61d 100644 (file)
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -1086,7 +1086,7 @@ add_file_log(const log_severity_list_t *severity, const char *filename,
   int open_flags = O_WRONLY|O_CREAT;
   open_flags |= truncate_log ? O_TRUNC : O_APPEND;
 
-  fd = tor_open_cloexec(filename, open_flags, 0644);
+  fd = tor_open_cloexec(filename, open_flags, 0640);
   if (fd<0)
     return -1;
   if (tor_fd_seekend(fd)<0) {
Mirror of https://git.torproject.org/tor.git