possible security issue

Ian Zimmerman ian.zimmerman at linqia.com
Wed Jul 16 14:57:38 UTC 2014


There may be a difference between daemons coded in C and Python. In C, it
is trivial for the programmer to force fixed mode flags when opening files
that may not exist - by supplying the 3rd argument to open(). In Python
one would have to drop to OS-specific code to do that - in fact I cannot
remember the spelling OTTOMH.
 On Jul 15, 2014 9:35 PM, "Ben Finney" <ben+python at benfinney.id.au> wrote:

> On 15-Jul-2014, Michael Hrivnak wrote:
>
> > The summary is that worker daemon processes in celery by default
> > will change their umask to 0. Then if they create new files, those
> > files will be world-writable. Looking at PEP 3143, it seems that
> > python-daemon may also have a default umask of 0.
>
> Yes, this is a specific mandate from the primary source for standard
> Unix daemon behaviour. As cited in PEP 3143, the library follows “Unix
> Network Programming”, W. Richard Stevens, 1994 Prentice Hall. Section
> 2.6 of that book details the behaviour a properly-behaving Unix daemon
> should execute.
>
> In particular:
>
>     Reset the File Access Creation Mask
>
>     A process inherits its file access creation mask from its parent.
>     A daemon should execute:
>
>         umask(0);
>
>     to reset this mask. This prevents any files created by the daemon
>     from having their access bits modified. …
>
> > Zero is not a safe or expected default.
>
> It is the only expected default I know of; the Stevens book is the
> canonical source for expected behaviour of Unix daemons, AFAIK.
>
> > The safe default is for a process to not change its inherited umask
> > unless explicitly directed to do so. Having a setting to change it
> > is fine, but the default behavior should be "no change".
>
> That would contradict the standard reference text, as far as I can see.
>
> > The impact of this behavior is that unless a user knows to
> > explicitly set a safe umask on their daemon processes, they could
> > end up with world-writable files without realizing it.
>
> I can modify the documentation to make clear that this is standard
> behaviour. Can you suggest wording?
>
> --
>  \      “At my lemonade stand I used to give the first glass away free |
>   `\          and charge five dollars for the second glass. The refill |
> _o__)                            contained the antidote.” —Emo Philips |
> Ben Finney <ben at benfinney.id.au>
>
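
An added example, not part of the original thread or of python-daemon: it shows what the builtin `open()` produces under the umask 0 discussed above, next to the Python counterpart of passing a third argument to open(2), `os.open(path, flags, mode)`. The helper names `open_fixed_mode` and `modes_under_umask` are hypothetical, and the code assumes a Unix system.

```python
import os
import stat
import tempfile


def open_fixed_mode(path, mode=0o600):
    """Open path for appending, creating it with exactly `mode` if absent.

    Hypothetical helper for illustration; not an API of python-daemon.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_APPEND
    fd = os.open(path, flags, mode)  # third argument, as with open(2) in C
    try:
        # The kernel applies mode & ~umask only when it creates the file.
        # fchmod also tightens a file that already existed with looser bits.
        os.fchmod(fd, mode)
    except OSError:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")


def modes_under_umask(mask):
    """Return (builtin_open_mode, fixed_mode) for files created under `mask`."""
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as d:
            plain = os.path.join(d, "plain.log")
            fixed = os.path.join(d, "fixed.log")
            with open(plain, "w") as f:  # builtin open() requests 0o666
                f.write("x")
            with open_fixed_mode(fixed) as f:
                f.write("x")
            return (stat.S_IMODE(os.stat(plain).st_mode),
                    stat.S_IMODE(os.stat(fixed).st_mode))
    finally:
        os.umask(old)  # never leave the caller's umask changed


if __name__ == "__main__":
    for mask in (0o000, 0o022):
        plain, fixed = modes_under_umask(mask)
        print(f"umask {mask:03o}: open() -> {plain:03o}, "
              f"os.open(..., 0o600) -> {fixed:03o}")
```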