[pulseaudio-discuss] [PATCH] main: set umask to 077 instead of 022

Tanu Kaskinen tanuk at iki.fi
Sun Aug 20 05:05:11 UTC 2017


On Fri, 2017-08-18 at 11:43 +0530, Arun Raghavan wrote:
> 
> On Thu, 17 Aug 2017, at 10:54 PM, Tanu Kaskinen wrote:
> > It was reported that PulseAudio weakens the umask to 022 if it's
> > initially set to 077. That's not as big problem as it might seem,
> > but it's still a problem. The umask affects the permissions of the state
> > files, and those aren't readable by other users anyway in the per-user
> > mode, because PulseAudio puts them in directories that aren't
> > accessible to other users. In the system mode the state files will be
> > readable by everyone, though, even by those users that don't otherwise
> > have access to PulseAudio. The state files are slightly
> > privacy-sensitive, because they contain e.g. history of applications
> > that have used PulseAudio.
> > 
> > I can't think of any use cases where access to the state files by other
> > users would be necessary, either in the per-user mode or in the system
> > mode, so let's use umask 077. This doesn't prevent access to any
> > sockets in the system mode, because all directories that PulseAudio
> > creates in the system mode will have permissions 755 regardless of the
> > umask, and the sockets themselves always have permissions 777.
> > 
> > BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=102060
> > ---
> >  src/daemon/main.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/src/daemon/main.c b/src/daemon/main.c
> > index f35252d06..9d99b8fe2 100644
> > --- a/src/daemon/main.c
> > +++ b/src/daemon/main.c
> > @@ -888,7 +888,7 @@ int main(int argc, char *argv[]) {
> >  
> >      pa_set_env_and_record("PULSE_INTERNAL", "1");
> >      pa_assert_se(chdir("/") == 0);
> > -    umask(0022);
> > +    umask(0077);
> >  
> >  #ifdef HAVE_SYS_RESOURCE_H
> >      set_all_rlimits(conf);
> > -- 
> 
> Patch itself looks good to me. I suggest waiting a bit in case someone
> has a use-case we have missed, and also making a note of this change for
> the 12.0 release.

Sure, I'll add the change to the release notes. But do you mean version
11 or 12? In IRC you said "Sounds okay as something for 11.0 (umask 077
always)". I don't mind either way.

-- 
Tanu

https://www.patreon.com/tanuk


More information about the pulseaudio-discuss mailing list