From owner-cvs-all  Mon Jun 28 16:32:38 1999
Delivered-To: cvs-all@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6BE0E14DD4; Mon, 28 Jun 1999 16:32:33 -0700 (PDT)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.1) id BAA97018;
	Tue, 29 Jun 1999 01:32:30 +0200 (CEST)
	(envelope-from des)
To: Pierre Beyssac <beyssac@enst.fr>
Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	Pierre Beyssac <pb@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG,
	cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.sbin/vipw pw_util.c vipw.c
References: <199906261215.FAA18022@freefall.freebsd.org> <xzpogi01e8n.fsf@flood.ping.uio.no> <19990628193311.A63701@enst.fr>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 29 Jun 1999 01:32:30 +0200
In-Reply-To: Pierre Beyssac's message of "Mon, 28 Jun 1999 19:33:11 +0200"
Message-ID: <xzpd7yf2969.fsf@flood.ping.uio.no>
Lines: 37
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

Pierre Beyssac <beyssac@enst.fr> writes:
> On Mon, Jun 28, 1999 at 06:28:24PM +0200, Dag-Erling Smorgrav wrote:
> > >   Force umask to 077 (instead of 000) during the edit phase, to get
> > Wrong fix. The correct fix is to save and restore the original umask.
> > See attached patch.
> I disagree; the umask 077 is on purpose because we're dealing with
> the password file, not just any random use of $EDITOR.

I believe you don't quite understand the code. What happens is:

 * set umask to 0
 * create a temp file containing a copy of master.passwd, with mode
   0600
 * restore the umask to 077, on the mistaken assumption that it
   actually has an effect.
 * start the editor
 * check the syntax of the temp file
 * regenerate the password database

Now there are two instances in which the second call to umask(2) has
any effect at all:

 1) you use a losing editor which creates backup files with
    permissions different from those of the file you're editing.

 2) while editing the password file, you create and edit another file.

The solution to the first case should be obvious to everyone. As for
the second case, it is my humble opinion that we should restore the
original umask, if only in the name of POLA.

The second call to umask(2) does not in any way affect the file mode
of either master.passwd or the temp file used for editing it.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message