From 5f564c380e280acc2ded270963f333dc9f2509b7 Mon Sep 17 00:00:00 2001
From: Michiel Broek <mbse@mbse.eu>
Date: Mon, 14 Mar 2005 22:32:38 +0000
Subject: [PATCH] Changed permissions for semafore reading

---
 ChangeLog         | 4 ++++
 Makefile          | 6 ++++--
 mbtask/taskutil.c | 6 ++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9cee8136..0fcff5a1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,6 +32,10 @@ v0.71.2		16-Jan-2005
 		More patches added from Dmitry Komissaroff to improve charset
 		support. Also improved msgid linking.
 
+	mbtask:
+		The created semafore files are now world readable so that low
+		privileged users like nobody can check the semafore's.
+
 	html:
 		Added batch file upload written by Russell Tiedt to the faq.
 
diff --git a/Makefile b/Makefile
index a3a66a27..a02ee2ff 100644
--- a/Makefile
+++ b/Makefile
@@ -98,7 +98,7 @@ install:
 		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0775 ${PREFIX}/ftp/pub
 		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0775 ${PREFIX}/ftp/pub/local
 		@${INSTALL} -d -o ${ROWNER} -g ${RGROUP} -m 0750 ${PREFIX}/ftp/incoming
-		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var
+		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0775 ${PREFIX}/var
 		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/arealists
 		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/badtic
 		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/boxes
@@ -130,9 +130,11 @@ install:
 		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/queue
 		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/rules
 		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/run
-		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0777 ${PREFIX}/var/sema
+		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0775 ${PREFIX}/var/sema
 		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/ticqueue
 		@${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/unknown
+		@chmod 0775 ${PREFIX}/var
+		@chmod 0775 ${PREFIX}/var/sema
 		@if [ -x ${BINDIR}/mbtelnetd ]; then \
 			rm ${BINDIR}/mbtelnetd ; \
 			echo "removed ${BINDIR}/mbtelnetd"; \
diff --git a/mbtask/taskutil.c b/mbtask/taskutil.c
index 2f6412d3..833a1c53 100644
--- a/mbtask/taskutil.c
+++ b/mbtask/taskutil.c
@@ -268,14 +268,17 @@ void CreateSema(char *sem)
 {
     char    temp[PATH_MAX];
     FILE    *fp;
+    int	    oldmask;
 
     sprintf(temp, "%s/var/sema/%s", getenv("MBSE_ROOT"), sem);
     if (access(temp, F_OK) == 0)
 	return;
+    oldmask = umask(002);
     if ((fp = fopen(temp, "w")))
 	fclose(fp);
     else
         Syslog('?', "Can't create semafore %s", temp);
+    umask(oldmask);
 }
 
 
@@ -284,12 +287,15 @@ void TouchSema(char *sem)
 {
     char    temp[PATH_MAX];
     FILE    *fp;
+    int	    oldmask;
 
     sprintf(temp, "%s/var/sema/%s", getenv("MBSE_ROOT"), sem);
+    oldmask = umask(002);
     if ((fp = fopen(temp, "w")))
 	fclose(fp);
     else
         Syslog('?', "Can't touch semafore %s", temp);
+    umask(oldmask);
 }