gvsafronov/futriix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CONFIG REWRITE should honor umask settings. (#8371)

Browse Source 
Fixes a regression introduced due to a new (safer) way of rewriting configuration files. In the past the file was simply overwritten (same inode), but now Redis creates a new temporary file and later renames it over the old one.

The temp file typically gets created with 0600 permissions so we later fchmod it to fix that. Unlike open with O_CREAT, fchmod doesn't consider umask so we have to do that explicitly.

Fixes #8369
This commit is contained in:
Yossi Gottlieb 2021-01-20 21:57:24 +02:00 committed by GitHub
parent 4ac682da27
commit 3c0fd785c4
3 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/config.c
View File

@ -1683,7 +1683,7 @@ int rewriteConfigOverwriteFile(char *configfile, sds content) {
if (fsync(fd)) if (fsync(fd))
serverLog(LL_WARNING, "Could not sync tmp config file to disk (%s)", strerror(errno)); serverLog(LL_WARNING, "Could not sync tmp config file to disk (%s)", strerror(errno));
else if (fchmod(fd, 0644) == -1) else if (fchmod(fd, 0644 & ~server.umask) == -1)
serverLog(LL_WARNING, "Could not chmod config file (%s)", strerror(errno)); serverLog(LL_WARNING, "Could not chmod config file (%s)", strerror(errno));
else if (rename(tmp_conffile, configfile) == -1) else if (rename(tmp_conffile, configfile) == -1)
serverLog(LL_WARNING, "Could not rename tmp config file (%s)", strerror(errno)); serverLog(LL_WARNING, "Could not rename tmp config file (%s)", strerror(errno));

6
src/server.c
View File

@ -5753,6 +5753,12 @@ int main(int argc, char **argv) {
init_genrand64(((long long) tv.tv_sec * 1000000 + tv.tv_usec) ^ getpid()); init_genrand64(((long long) tv.tv_sec * 1000000 + tv.tv_usec) ^ getpid());
crc64_init(); crc64_init();
/* Store umask value. Because umask(2) only offers a set-and-get API we have
* to reset it and restore it back. We do this early to avoid a potential
* race condition with threads that could be creating files or directories.
*/
umask(server.umask = umask(0777));
uint8_t hashseed[16]; uint8_t hashseed[16];
getRandomBytes(hashseed,sizeof(hashseed)); getRandomBytes(hashseed,sizeof(hashseed));
dictSetHashFunctionSeed(hashseed); dictSetHashFunctionSeed(hashseed);

1
src/server.h
View File

@ -1124,6 +1124,7 @@ struct redisServer {
int config_hz; /* Configured HZ value. May be different than int config_hz; /* Configured HZ value. May be different than
the actual 'hz' field value if dynamic-hz the actual 'hz' field value if dynamic-hz
is enabled. */ is enabled. */
mode_t umask; /* The umask value of the process on startup */
int hz; /* serverCron() calls frequency in hertz */ int hz; /* serverCron() calls frequency in hertz */
int in_fork_child; /* indication that this is a fork child */ int in_fork_child; /* indication that this is a fork child */
redisDb *db; redisDb *db;