[pve-devel] [PATCH pve-storage] mask world r and group wx permissions in vdisk_alloc
Wolfgang Bumiller
w.bumiller at proxmox.com
Tue Jul 21 08:44:06 CEST 2015
Avoid world-readable disk files being created as suggested
in #416 by setting an umask to strip world permissions as
well as group write/exec permissions before calling
alloc_image.
---
PVE/Storage.pm | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index c1cf524..82f9eee 100755
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -587,7 +587,11 @@ sub vdisk_alloc {
# lock shared storage
return $plugin->cluster_lock_storage($storeid, $scfg->{shared}, undef, sub {
- my $volname = $plugin->alloc_image($storeid, $scfg, $vmid, $fmt, $name, $size);
+ my $old_umask = umask(umask|0037);
+ my $volname = eval { $plugin->alloc_image($storeid, $scfg, $vmid, $fmt, $name, $size) };
+ my $err = $@;
+ umask $old_umask;
+ die $err if $err;
return "$storeid:$volname";
});
}
--
2.1.4
More information about the pve-devel
mailing list