yesBad/pve-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mask world r and group wx permissions in vdisk_alloc

Browse Source 
Avoid world-readable disk files being created as suggested
in #416 by setting an umask to strip world permissions as
well as group write/exec permissions before calling
alloc_image.
This commit is contained in:
Wolfgang Bumiller
2015-07-21 08:44:06 +02:00
committed by Dietmar Maurer
parent d75b2a72bb
commit afdfbe5594
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
PVE/Storage.pm
View File

@ -587,7 +587,11 @@ sub vdisk_alloc {
# lock shared storage
return $plugin->cluster_lock_storage($storeid, $scfg->{shared}, undef, sub {
my $volname = $plugin->alloc_image($storeid, $scfg, $vmid, $fmt, $name, $size);
my $old_umask = umask(umask|0037);
my $volname = eval { $plugin->alloc_image($storeid, $scfg, $vmid, $fmt, $name, $size) };
my $err = $@;
umask $old_umask;
die $err if $err;
return "$storeid:$volname";
});
}