[pulseaudio-discuss] [PATCH] main: set umask to 077 instead of 022
Arun Raghavan
arun at arunraghavan.net
Sun Aug 20 05:42:00 UTC 2017
On Sun, 20 Aug 2017, at 10:35 AM, Tanu Kaskinen wrote:
> On Fri, 2017-08-18 at 11:43 +0530, Arun Raghavan wrote:
> >
> > On Thu, 17 Aug 2017, at 10:54 PM, Tanu Kaskinen wrote:
> > > It was reported that PulseAudio weakens the umask to 022 if it's
> > > initially set to 077. That's not as big problem as it might seem,
> > > but it's still a problem. The umask affects the permissions of the state
> > > files, and those aren't readable by other users anyway in the per-user
> > > mode, because PulseAudio puts them in directories that aren't
> > > accessible to other users. In the system mode the state files will be
> > > readable by everyone, though, even by those users that don't otherwise
> > > have access to PulseAudio. The state files are slightly
> > > privacy-sensitive, because they contain e.g. history of applications
> > > that have used PulseAudio.
> > >
> > > I can't think of any use cases where access to the state files by other
> > > users would be necessary, either in the per-user mode or in the system
> > > mode, so let's use umask 077. This doesn't prevent access to any
> > > sockets in the system mode, because all directories that PulseAudio
> > > creates in the system mode will have permissions 755 regardless of the
> > > umask, and the sockets themselves always have permissions 777.
> > >
> > > BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=102060
> > > ---
> > > src/daemon/main.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/src/daemon/main.c b/src/daemon/main.c
> > > index f35252d06..9d99b8fe2 100644
> > > --- a/src/daemon/main.c
> > > +++ b/src/daemon/main.c
> > > @@ -888,7 +888,7 @@ int main(int argc, char *argv[]) {
> > >
> > > pa_set_env_and_record("PULSE_INTERNAL", "1");
> > > pa_assert_se(chdir("/") == 0);
> > > - umask(0022);
> > > + umask(0077);
> > >
> > > #ifdef HAVE_SYS_RESOURCE_H
> > > set_all_rlimits(conf);
> > > --
> >
> > Patch itself looks good to me. I suggest waiting a bit in case someone
> > has a use-case we have missed, and also making a note of this change for
> > the 12.0 release.
>
> Sure, I'll add the change to the release notes. But do you mean version
> 11 or 12? In IRC you said "Sounds okay as something for 11.0 (umask 077
> always)". I don't mind either way.
Let's punt to 12, please. I'd like to get 11 out as soon as we resolve
the Intel LPE HDMI thing.
-- Arun
More information about the pulseaudio-discuss
mailing list