git: c6806434e790 - main - rc.d/ntp: Ensure ntpd.leap-seconds.list is readable by ntpd

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Tue, 18 Jan 2022 15:35:15 UTC
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=c6806434e79079f4f9419c3ba4fec37efcaa1635

commit c6806434e79079f4f9419c3ba4fec37efcaa1635
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-01-18 14:14:54 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-01-18 14:21:00 +0000

    rc.d/ntp: Ensure ntpd.leap-seconds.list is readable by ntpd
    
    When a user sets umask in login.conf(5) to 027 or 077 a subsequently
    fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
    allowed by the umask, resulting in a file that may not be readable by
    ntpd running under the ntp account. This patch adds a umask command
    to preempt the umask in login.conf(5) prior to fetching a new copy
    of the leap-seconds file.
    
    PR:             261298
    Reported by:    Martin Waschbusch <martin@waschbuesch.de>
    MFC after:      3 days
---
 libexec/rc/rc.d/ntpd | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd
index 8b32e3e19d5b..c1d2f52a01b7 100755
--- a/libexec/rc/rc.d/ntpd
+++ b/libexec/rc/rc.d/ntpd
@@ -221,6 +221,8 @@ ntpd_fetch_leapfile() {
 	if ntpd_needfetch_leapfile ; then
 		for url in $ntp_leapfile_sources ; do
 			$verbose fetching $url
+			# Circumvent umask 027 and 077 in login.conf(5)
+			umask 022
 			fetch $ntp_leapfile_fetch_opts -o $_ntp_tmp_leapfile $url && break
 		done
 		ntp_ver_no_tmp=$(get_ntp_leapfile_ver $_ntp_tmp_leapfile)
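
Review bot: the `umask 022` added inside the `for url` loop is not restored anywhere in the visible lines, so it remains in effect for whatever the shell does after the fetch (starting with the `get_ntp_leapfile_ver` call), not only for the leap-seconds file, and it is re-run on every iteration. Consider scoping it to the fetch with a subshell, e.g. `( umask 022; fetch $ntp_leapfile_fetch_opts -o $_ntp_tmp_leapfile $url ) && break`, or saving the previous value before the loop and restoring it after `done`. The comment would also be more useful if it said why 022 is needed (the fetched file must be readable by ntpd running under the ntp account) rather than only which login.conf(5) settings it overrides.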