Explicit advice to choose a secure umask (was: possible security issue)

Ben Finney ben+python at benfinney.id.au
Fri Aug 1 03:31:28 UTC 2014


On 15-Jul-2014, Michael Hrivnak wrote:

> The impact of this behavior is that unless a user knows to
> explicitly set a safe umask on their daemon processes, they could
> end up with world-writable files without realizing it.

I am planning to make this change to the DaemonContext docstring::

$ bzr diff
=== modified file 'daemon/daemon.py'
--- daemon/daemon.py
revid:ben+python at benfinney.id.au-20140801025818-ecsn2012ckonm3nh
+++ daemon/daemon.py    2014-08-01 02:26:35 +0000
@@ -112,6 +112,11 @@
             starting the daemon will reset the umask to this value so that
             files are created by the daemon with access modes as it expects.
 
+            *Note*: The default of 0 is insecure, but is expected by
+            convention for a Unix daemon. Set a specific umask value,
+            either with this parameter, or later in the program with
+            an explicit ‘os.umask’ call.
+
         `pidfile`
             :Default: ``None``
 
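Review bot: The added note at "Set a specific umask value" tells the reader to pick a value but does not say what goes wrong with 0 or what a restrictive value looks like. Consider stating that files created under a umask of 0 can end up world-writable, and giving one example value, so the reader can act on the note without looking elsewhere. As a style point, ‘os.umask’ uses typographic quotes while the surrounding docstring marks names with backticks (`pidfile`, ``None``); backticks would be consistent.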

Is that sufficiently explanatory?

-- 
 \           “I just got out of the hospital; I was in a speed-reading |
  `\     accident. I hit a bookmark and flew across the room.” —Steven |
_o__)                                                           Wright |
Ben Finney <ben at benfinney.id.au>
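
The effect discussed in this message, shown as an added example that is not part of the original post or of python-daemon's code: it creates a file under several umask values to show which ones leave it world-writable, and includes a check for world-writable files under a directory. It uses only the standard library; the function names and the file name are hypothetical.

```python
import os
import stat
import tempfile


def mode_created_under(umask_value, requested_mode=0o666):
    """Create a file under the given umask and return its permission bits.

    0o666 is what the built-in open() requests for a new file, so the
    umask alone decides whether "other" keeps write access.
    """
    previous = os.umask(umask_value)
    try:
        with tempfile.TemporaryDirectory() as workdir:
            path = os.path.join(workdir, "daemon-output.log")  # constructed name
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, requested_mode)
            os.close(fd)
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(previous)  # always restore the caller's umask


def world_writable(mode):
    """True if the permission bits grant write access to every user."""
    return bool(mode & stat.S_IWOTH)


def find_world_writable(root):
    """Return the regular files under root that any user may write to."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    for umask_value in (0o000, 0o022, 0o077):
        mode = mode_created_under(umask_value)
        print(f"umask {umask_value:03o} -> mode {mode:03o} "
              f"world-writable={world_writable(mode)}")
```

Running `find_world_writable` over a daemon's working and log directories is a quick way to see whether an unset umask has already left files writable by every user.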