Page MenuHomePhabricator

Reset umask explicitly in daemons
Closed, ResolvedPublic


When you run phd with a nonstandard umask, it carries through to repository checkouts.

For now, we should probably just force umask to 022 in the PullLocal daemon.

If we eventually decide to sudo all CLI stuff as the daemon user we could use 077, but we have a general assumption that access to the machine is sufficient to at least partially access possibly-sensitive information (e.g., by reading remote URLs out of the process list, accessing APC, or whatever else) and that letting attackers have shells on your production hosts is inadvisable; the not-completely-restrictive 022 umask is consistent with that.

Event Timeline

epriestley raised the priority of this task from to Normal.
epriestley updated the task description. (Show Details)
epriestley added a project: Daemons.
epriestley added subscribers: epriestley, chasemp.

We should probably also set this prior to accepting pushes via HTTP and SSH, so those writes happen under a favorable umask.