plugin_control: spawn plugin processes with a non-0 umask

Changelog-Added: JSONRPC: 'plugin start' now restores initial umask before spawning the plugin process
5 years ago · 841fbf54ea
3 changed files with 15 additions and 2 deletions
--- a/lightningd/lightningd.c
+++ b/lightningd/lightningd.c
@ -244,10 +244,15 @@ static struct lightningd *new_lightningd(const tal_t *ctx)
 	ld->stop_conn = NULL;

 	/*~ This is used to signal that `hsm_secret` is encrypted, and will
-	 * be set to `true` if the `--encrypted` option is passed at startup.
+	 * be set to `true` if the `--encrypted-hsm` option is passed at startup.
 	 */
 	ld->encrypted_hsm = false;

+	/*~ We change umask if we daemonize, but not if we don't. Initialize the
+	 * initial_umask anyway as we might rely on it later (`plugin start`). */
+	ld->initial_umask = umask(0);
+	umask(ld->initial_umask);
+
 	return ld;
 }

@ -533,7 +538,7 @@ static void complete_daemonize(struct lightningd *ld)
 		fatal("Could not setsid: %s", strerror(errno));

 	/* Discard our parent's old-fashioned umask prejudices. */
-	umask(0);
+	ld->initial_umask = umask(0);

 	/* OK, parent, you can exit(0) now. */
 	write_all(ld->daemon_parent_fd, &ok_status, sizeof(ok_status));
--- a/lightningd/lightningd.h
+++ b/lightningd/lightningd.h
@ -249,6 +249,8 @@ struct lightningd {
 	char *wallet_dsn;

 	bool encrypted_hsm;
+
+	mode_t initial_umask;
 };

 /* Turning this on allows a tal allocation to return NULL, rather than aborting.
--- a/lightningd/plugin_control.c
+++ b/lightningd/plugin_control.c
@ -1,6 +1,8 @@
 #include <lightningd/options.h>
 #include <lightningd/plugin_control.h>
 #include <lightningd/plugin_hook.h>
+#include <sys/stat.h>
+#include <sys/types.h>

 /* A dummy structure used to give multiple arguments to callbacks. */
 struct dynamic_plugin {
@ -108,6 +110,7 @@ static void plugin_dynamic_manifest_callback(const char *buffer,
 static struct command_result *plugin_start(struct dynamic_plugin *dp)
 {
 	int stdin, stdout;
+	mode_t prev_mask;
 	char **p_cmd;
 	struct jsonrpc_request *req;
 	struct plugin *p = dp->plugin;
@ -115,7 +118,10 @@ static struct command_result *plugin_start(struct dynamic_plugin *dp)
 	p->dynamic = true;
 	p_cmd = tal_arrz(NULL, char *, 2);
 	p_cmd[0] = p->cmd;
+	/* In case the plugin create files, this is a better default. */
+	prev_mask = umask(dp->cmd->ld->initial_umask);
 	p->pid = pipecmdarr(&stdin, &stdout, &pipecmd_preserve, p_cmd);
+	umask(prev_mask);
 	if (p->pid == -1)
 		return plugin_dynamic_error(dp, "Error running command");
 	else