From 841fbf54ea45a223e74b4a85974b2c4aba9d3de2 Mon Sep 17 00:00:00 2001
From: darosior
Date: Wed, 25 Dec 2019 00:11:52 +0100
Subject: [PATCH] plugin_control: spawn plugin processes with a non-0 umask
Changelog-Added: JSONRPC: 'plugin start' now restores initial umask before spawning the plugin process
---
 lightningd/lightningd.c | 9 +++++++--
 lightningd/lightningd.h | 2 ++
 lightningd/plugin_control.c | 6 ++++++
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/lightningd/lightningd.c b/lightningd/lightningd.c
index ed14af1c1..0c5499e38 100644
--- a/lightningd/lightningd.c
+++ b/lightningd/lightningd.c
@@ -244,10 +244,15 @@ static struct lightningd *new_lightningd(const tal_t *ctx)
 ld->stop_conn = NULL;
 /*~ This is used to signal that `hsm_secret` is encrypted, and will
- * be set to `true` if the `--encrypted` option is passed at startup.
+ * be set to `true` if the `--encrypted-hsm` option is passed at startup.
 */
 ld->encrypted_hsm = false;
+ /*~ We change umask if we daemonize, but not if we don't. Initialize the
+ * initial_umask anyway as we might rely on it later (`plugin start`). */
+ ld->initial_umask = umask(0);
+ umask(ld->initial_umask);
+
 return ld;
 }
@@ -533,7 +538,7 @@ static void complete_daemonize(struct lightningd *ld)
 fatal("Could not setsid: %s", strerror(errno));
 /* Discard our parent's old-fashioned umask prejudices. */
- umask(0);
+ ld->initial_umask = umask(0);
 /* OK, parent, you can exit(0) now. */
 write_all(ld->daemon_parent_fd, &ok_status, sizeof(ok_status));
diff --git a/lightningd/lightningd.h b/lightningd/lightningd.h
index 8f8a5c4d7..adfa8b573 100644
--- a/lightningd/lightningd.h
+++ b/lightningd/lightningd.h
@@ -249,6 +249,8 @@ struct lightningd {
 char *wallet_dsn;
 bool encrypted_hsm;
+
+ mode_t initial_umask;
 };
 /* Turning this on allows a tal allocation to return NULL, rather than aborting.
diff --git a/lightningd/plugin_control.c b/lightningd/plugin_control.c
index 10413f877..3e6b0833a 100644
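Review bot: In `new_lightningd()` (lightningd/lightningd.c) the pair `ld->initial_umask = umask(0); umask(ld->initial_umask);` leaves the process-wide mask at 0 between the two calls, and nothing in the hunk says why that window is safe. If it relies on nothing else creating files this early in startup, record the assumption, e.g. `/* umask() can only be read by setting it; nothing else creates files yet. */`. The second hunk's `ld->initial_umask = umask(0);` in `complete_daemonize()` stores the value again, which looks redundant unless the mask can change in between, so a short comment there on which capture is authoritative would help. Both functions continue outside their hunks.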
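Review bot: The new `initial_umask` member of `struct lightningd` (lightningd/lightningd.h) has no comment, and its meaning is not obvious once the daemon has reset its own mask to 0. Suggest adding `/* umask we were started with; re-applied when spawning dynamic plugins. */` above it. `mode_t` also has to be declared for every includer of this header (normally via `<sys/types.h>`); the hunk does not show whether the header already pulls that in.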
--- a/lightningd/plugin_control.c
+++ b/lightningd/plugin_control.c
@@ -1,6 +1,8 @@
 #include
 #include
 #include
+#include
+#include
 /* A dummy structure used to give multiple arguments to callbacks. */
 struct dynamic_plugin {
@@ -108,6 +110,7 @@ static void plugin_dynamic_manifest_callback(const char *buffer,
 static struct command_result *plugin_start(struct dynamic_plugin *dp)
 {
 int stdin, stdout;
+ mode_t prev_mask;
 char **p_cmd;
 struct jsonrpc_request *req;
 struct plugin *p = dp->plugin;
@@ -115,7 +118,10 @@ static struct command_result *plugin_start(struct dynamic_plugin *dp)
 p->dynamic = true;
 p_cmd = tal_arrz(NULL, char *, 2);
 p_cmd[0] = p->cmd;
+ /* In case the plugin create files, this is a better default. */
+ prev_mask = umask(dp->cmd->ld->initial_umask);
 p->pid = pipecmdarr(&stdin, &stdout, &pipecmd_preserve, p_cmd);
+ umask(prev_mask);
 if (p->pid == -1)
 return plugin_dynamic_error(dp, "Error running command");
 else
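Review bot: `umask(dp->cmd->ld->initial_umask)` in `plugin_start()` gives the plugin whatever mask lightningd was launched with, so a node started under a permissive mask (0, say) still spawns plugins whose files are group- or world-accessible. If plugins are expected to write secrets or databases, consider a floor such as `prev_mask = umask(dp->cmd->ld->initial_umask | 022);`, or document that the operator's umask is trusted. The swap is made in the parent around `pipecmdarr()`, so it is process-wide for the duration of that call, which seems fine only if nothing else in the daemon creates files concurrently. The comment would be clearer as `/* The daemon runs with umask 0 once daemonized; give the plugin the umask we were started with. */`. Only the dynamic `plugin start` path is changed here; whether plugins launched at startup inherit umask 0 is not visible in this diff.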