[Buildroot] [PATCH] package/openssh: reset umask when init script exits
Will Eccles
will at eccles.dev
Thu Oct 21 19:21:20 UTC 2021
Hi Yann,
Apologies, I have no idea how that typo even made it into the patch. That
is supposed to say "umask $(umask)". Not only did the typo make it in
there, but I haven't even noticed it until now (and the patch I applied to
my own says umask, so apparently I typo'd when formalizing it). In any
case, it's hardly worth correcting now, since the patch isn't useful.
On Thu, Oct 21, 2021 at 1:46 PM Yann E. MORIN <yann.morin.1998 at free.fr>
wrote:
> Will, All,
>
> On 2021-10-18 16:30 -0400, Will Eccles spake thusly:
> > S50sshd updates umask to 077, but does not reset it when it exits. This
> > results in the root user's umask being configured incorrectly (assuming
> > a default of 022 or otherwise). This patch adds a trap to reset umask
> > when the script exits. This is convenient on systems where, for example,
> > configs such as /etc/profile may not be sourced by the root user. It may
> > also prevent issues with other init scripts which may inherit this umask
> > unintentionally, leading to improper permissions elsewhere in the
> > system.
> >
> > Signed-off-by: Will Eccles <will at eccles.dev>
>
> Besides what Arnout said (and which I agree with), I am not so sure this
> patch is even technically correct... See below...
>
> > ---
> > Backport to: 2021.02.6, 2021.08.1
> > (These are the releases on buildroot.org as of this writing, but as far
> > as I can tell, even releases as far back as 2012 have the same problem.)
> > ---
> > package/openssh/S50sshd | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/package/openssh/S50sshd b/package/openssh/S50sshd
> > index 22da41d1ca..94cf4c14e8 100644
> > --- a/package/openssh/S50sshd
> > +++ b/package/openssh/S50sshd
> > @@ -6,6 +6,8 @@
> > # Make sure the ssh-keygen progam exists
> > [ -f /usr/bin/ssh-keygen ] || exit 0
> >
> > +# Reset uname at exit
> > +trap "uname $(uname)" EXIT
>
> This does not even do what you said it does. This is 'uname', not
> 'umask'...
>
> Furthermore, the above code would fail anyway:
>
> $ uname $(uname); echo $?
> uname: extra operand ‘Linux’
> Try 'uname --help' for more information.
> 1
>
> So, if this very patch makes it work for you, then your issue is not
> about umask being set below...
>
> Regards,
> Yann E. MORIN.
>
> > umask 077
> >
> > start() {
> > --
> > 2.33.1
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot at buildroot.org
> > https://lists.buildroot.org/mailman/listinfo/buildroot
>
> --
>
> .-----------------.--------------------.------------------.--------------------.
> | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics'
> conspiracy: |
> | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___
> |
> | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is
> no |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v
> conspiracy. |
>
> '------------------------------^-------^------------------^--------------------'
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20211021/f194e0f4/attachment.html>
More information about the buildroot
mailing list