[release/1.7] shim: Create pid-file and address with 0644 permissions #9548

Merged 2 commits on Jan 8, 2024

Commits on Dec 23, 2023

  1. shim: Create pid-file with 0644 permissions

    Fixes ae70213
    
    In ae70213 the WritePidFile and WriteAddress functions were
    changed to use AtomicFile instead of os.CreateFile. However,
    AtomicFile creates a temporary file and then changes its permissions
    with os.Chmod which alters the previously observed behavior of
    os.CreateFile which takes the system's umask into account.
    
    This means that on Linux-based systems these files suddenly
    became world writable (containerd#9363). The address file has since been
    removed, but pid-file was still created as world writable. This
    commit explicitly requests 0644 permissions as even on systems
    without default umask of 0022 there is no reason to have these
    two files world writable.
    
    Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
    (cherry picked from commit 9d32841)
    Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
    Dzejrou committed Dec 23, 2023
    Commit 260963a
  2. shim: Create address file with 0644 permissions

    Fixes ae70213
    
    In ae70213 the WritePidFile and WriteAddress functions were
    changed to use AtomicFile instead of os.CreateFile. However,
    AtomicFile creates a temporary file and then changes its permissions
    with os.Chmod which alters the previously observed behavior of
    os.CreateFile which takes the system's umask into account.
    
    This means that on Linux-based systems these files suddenly
    became world writable (containerd#9363).
    
    Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
    Dzejrou committed Dec 23, 2023
    Commit 8d82242
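
The permission change the two commit messages describe, as an added Go example that is not containerd's code: a direct create lets open(2) mask the requested mode with the umask, while a temp-file + chmod + rename helper sets the requested bits verbatim. `createDirect`, `createAtomic`, `modeAfter` and the `shim.pid` file name are hypothetical, the 0666 "before" mode is an assumption, and the code needs a Unix-like system.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

func createDirect(path string, perm os.FileMode) error {
	return os.WriteFile(path, nil, perm) // open(2) masks perm with the umask
}

// createAtomic is a hypothetical temp-file + chmod + rename helper; chmod(2) ignores the umask.
func createAtomic(path string, perm os.FileMode) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".tmp-*")
	if err != nil {
		return err
	}
	tmp.Close()
	defer os.Remove(tmp.Name()) // no-op once the rename has succeeded
	if err := os.Chmod(tmp.Name(), perm); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

// modeAfter runs create under the given (process-wide) umask and returns the final mode bits.
func modeAfter(umask int, perm os.FileMode, create func(string, os.FileMode) error) (os.FileMode, error) {
	defer syscall.Umask(syscall.Umask(umask)) // set now, restore on return
	dir, err := os.MkdirTemp("", "pidfile-demo")
	if err != nil {
		return 0, err
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "shim.pid") // constructed sample name
	if err := create(path, perm); err != nil {
		return 0, err
	}
	fi, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

func main() {
	fmt.Println(modeAfter(0o022, 0o666, createDirect))
	fmt.Println(modeAfter(0o022, 0o666, createAtomic))
}
```

Passing 0o644 to `createAtomic` yields 0644 under any umask, which is the behaviour the fix requests explicitly.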