[pulseaudio-discuss] [PATCH] main: set umask to 077 instead of 022

Sat Aug 26 09:10:15 UTC 2017

On Tue, 2017-08-22 at 09:32 +0530, Arun Raghavan wrote:
> 
> On Sun, 20 Aug 2017, at 12:20 PM, Tanu Kaskinen wrote:
> > On Sun, 2017-08-20 at 11:12 +0530, Arun Raghavan wrote:
> > > 
> > > On Sun, 20 Aug 2017, at 10:35 AM, Tanu Kaskinen wrote:
> > > > On Fri, 2017-08-18 at 11:43 +0530, Arun Raghavan wrote:
> > > > > 
> > > > > On Thu, 17 Aug 2017, at 10:54 PM, Tanu Kaskinen wrote:
> > > > > > It was reported that PulseAudio weakens the umask to 022 if it's
> > > > > > initially set to 077. That's not as big problem as it might seem,
> > > > > > but it's still a problem. The umask affects the permissions of the state
> > > > > > files, and those aren't readable by other users anyway in the per-user
> > > > > > mode, because PulseAudio puts them in directories that aren't
> > > > > > accessible to other users. In the system mode the state files will be
> > > > > > readable by everyone, though, even by those users that don't otherwise
> > > > > > have access to PulseAudio. The state files are slightly
> > > > > > privacy-sensitive, because they contain e.g. history of applications
> > > > > > that have used PulseAudio.
> > > > > > 
> > > > > > I can't think of any use cases where access to the state files by other
> > > > > > users would be necessary, either in the per-user mode or in the system
> > > > > > mode, so let's use umask 077. This doesn't prevent access to any
> > > > > > sockets in the system mode, because all directories that PulseAudio
> > > > > > creates in the system mode will have permissions 755 regardless of the
> > > > > > umask, and the sockets themselves always have permissions 777.
> > > > > > 
> > > > > > BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=102060
> > > > > > ---
> > > > > >  src/daemon/main.c | 2 +-
> > > > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > > > > 
> > > > > > diff --git a/src/daemon/main.c b/src/daemon/main.c
> > > > > > index f35252d06..9d99b8fe2 100644
> > > > > > --- a/src/daemon/main.c
> > > > > > +++ b/src/daemon/main.c
> > > > > > @@ -888,7 +888,7 @@ int main(int argc, char *argv[]) {
> > > > > >  
> > > > > >      pa_set_env_and_record("PULSE_INTERNAL", "1");
> > > > > >      pa_assert_se(chdir("/") == 0);
> > > > > > -    umask(0022);
> > > > > > +    umask(0077);
> > > > > >  
> > > > > >  #ifdef HAVE_SYS_RESOURCE_H
> > > > > >      set_all_rlimits(conf);
> > > > > > -- 
> > > > > 
> > > > > Patch itself looks good to me. I suggest waiting a bit in case someone
> > > > > has a use-case we have missed, and also making a note of this change for
> > > > > the 12.0 release.
> > > > 
> > > > Sure, I'll add the change to the release notes. But do you mean version
> > > > 11 or 12? In IRC you said "Sounds okay as something for 11.0 (umask 077
> > > > always)". I don't mind either way.
> > > 
> > > Let's punt to 12, please. I'd like to get 11 out as soon as we resolve
> > > the Intel LPE HDMI thing.
> > 
> > Ok. About that HDMI thing, what do you think we should do about it? I
> > think we've waited enough. Those who have the hardware don't seem to be
> > very eager to help with debugging, so I'd say let's postpone that until
> > 12.0. Or is there something else we could do?
> 
> If we're stuck, let's roll out 11.0. I'd be okay to bundle things into
> an 11.0 if we can get the LPE HDMI stuff going soon, else 12.0.

Releasing 11.1 would be an option too.

If you don't think we need another release candidate with the current
master, I'll do the release after I've worked through unread mail and
bug discussions.

-- 
Tanu

https://www.patreon.com/tanuk