restore system umask after fork (fix T5659)

Summary: start-stop-daemon behaviour has changed. We must make sure the created pidfile is "secure" and not world-wide-writeable. Reviewers: #pykolab_developers, vanmeeuwen Reviewed By: #pykolab_developers, vanmeeuwen Differential Revision: https://git.kolab.org/D847
author: Daniel Hoffend <dh@dotlan.net> 2019-11-18 12:02:28 +0100
committer: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> 2019-11-18 12:02:28 +0100
commit: 17db4f8027ddbe1d887ebf0ebdc33ed46855d269 (patch)
tree: f2ec2ba48d5110bf4bfa93e672b3b97e27c8fed9 /saslauthd
parent: c4efba7de0b771361cf9b988d8176cd02d0c3aac (diff)
download: pykolab-17db4f8027ddbe1d887ebf0ebdc33ed46855d269.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/saslauthd/__init__.py b/saslauthd/__init__.py
index 2cb76d6..30e8189 100644
--- a/saslauthd/__init__.py
+++ b/saslauthd/__init__.py
@@ -138,7 +138,7 @@ class SASLAuthDaemon(object):
                 # Give up the session, all control,
                 # all open file descriptors, see #5151
                 os.chdir("/")
-                os.umask(0)
+                old_umask = os.umask(0)
                 os.setsid()
 
                 pid = os.fork()
@@ -153,6 +153,8 @@ class SASLAuthDaemon(object):
                 os.close(1)
                 os.close(2)
 
+                os.umask(old_umask)
+
                 self.thread_count += 1
                 log.remove_stdout_handler()
                 self.set_signal_handlers()
author	Daniel Hoffend <dh@dotlan.net>	2019-11-18 12:02:28 +0100
committer	Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>	2019-11-18 12:02:28 +0100
commit	17db4f8027ddbe1d887ebf0ebdc33ed46855d269 (patch)
tree	f2ec2ba48d5110bf4bfa93e672b3b97e27c8fed9 /saslauthd
parent	c4efba7de0b771361cf9b988d8176cd02d0c3aac (diff)
download	pykolab-17db4f8027ddbe1d887ebf0ebdc33ed46855d269.tar.gz