Commit Diff
Diff:
ac6d3a7a0e566907f51b9d7f0734c96d1e150bb3
95654312ed7c0db99e774ffc3535533d0b3c940c
Commit:
95654312ed7c0db99e774ffc3535533d0b3c940c
Tree:
2154e82c63b83cf5d172f3c49c93f5ea82a7e387
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Sat Nov 2 18:32:24 2019 UTC
Message:
Make sure the umask is set at 022, this should prevent us writing files that are of mode 666 allowing security-minded people to change the zone file. Also fix a comment in a new replicant zonefile.
blob - c8e0e92ff7726227e78b3bb32695880653de6a03
blob + b7425fbd5b6412aeb2c37d0e4e13ae23da381518
--- raxfr.c
+++ raxfr.c
@@ -26,7 +26,7 @@
*
*/
/*
- * $Id: raxfr.c,v 1.17 2019/11/02 17:24:27 pjp Exp $
+ * $Id: raxfr.c,v 1.18 2019/11/02 18:32:24 pjp Exp $
*/
#include <sys/types.h>
@@ -34,6 +34,7 @@
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/uio.h>
+#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -1405,6 +1406,8 @@ replicantloop(ddDB *db, struct imsgbuf *ibuf, struct i
schedule_retry(lrz->zonename, now + lrz->soa.retry);
goto out;
}
+
+ umask(022);
f = fopen(p, "w");
if (f == NULL) {
@@ -1413,7 +1416,7 @@ replicantloop(ddDB *db, struct imsgbuf *ibuf, struct i
goto out;
}
- fprintf(f, "; This is a REPLICANT file for zone %s gotten on %lu\n\n", lrz->zonename, now);
+ fprintf(f, "; This is a REPLICANT file for zone %s gotten on %lld\n\n", lrz->zonename, now);
if (do_raxfr(f, serial, lrz) < 0) {
dolog(LOG_INFO, "do_raxfr failed\n");
@@ -1487,6 +1490,8 @@ replicantloop(ddDB *db, struct imsgbuf *ibuf, struct i
schedule_retry(lrz->zonename, now + lrz->soa.retry);
goto out;
}
+
+ umask(022);
f = fopen(p, "w");
if (f == NULL) {
@@ -1495,7 +1500,7 @@ replicantloop(ddDB *db, struct imsgbuf *ibuf, struct i
goto out;
}
- fprintf(f, "; This is a REPLICANT file for zone %s gotten on %lu\n\n", lrz->zonename, now);
+ fprintf(f, "; This is a REPLICANT file for zone %s gotten on %lld\n\n", lrz->zonename, now);
if (do_raxfr(f, serial, lrz) < 0) {
dolog(LOG_INFO, "do_raxfr failed\n");
repomaster@centroid.eu