On Sun, Nov 28, 2004 at 01:03:23PM +0100, Richard Zidlicky wrote:
Hi,
Hi.
I stumbled upon this as I noticed that bookmarks and saved files are world writable. Is there still a good reason to set umask to 0 for all plugins?
Good question! Basically the umask(0) call is there because the "Linux Programming Second Edition Unleashed" recommends so as a standard for daemons ;). Now, looking into it, it makes much more sense to use 077 as a mask for dpis (i.e. only allowing the owner).
Another detail I noticed while checking file creation is this: --- dillo-0.8.3/src/cookies.c.rz 2004-11-28 12:39:33.000000000 +0100 +++ dillo-0.8.3/src/cookies.c 2004-11-28 12:40:22.000000000 +0100 @@ -100,7 +100,7 @@
if ((F_in = fopen(filename, "r+")) == NULL) { /* Create the file */ - fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); + fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR, 0777); if (fd != -1) { if (init_str) write(fd, init_str, strlen(init_str));
Well, with the proper mask set to 0077 this would not be required. If the need to add explicit permissions arise, it'd be 0077 too. Comments are welcome. -- Cheers Jorge.-