Re: [Buildroot] [PATCH] package/openssh: reset umask when init script exits

From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Will Eccles <will@eccles.dev>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/openssh: reset umask when init script exits
Date: Thu, 21 Oct 2021 19:46:16 +0200	[thread overview]
Message-ID: <20211021174616.GD2400@scaer> (raw)
In-Reply-To: <20211018203038.32453-1-will@eccles.dev>

Will, All,

On 2021-10-18 16:30 -0400, Will Eccles spake thusly:
> S50sshd updates umask to 077, but does not reset it when it exits. This
> results in the root user's umask being configured incorrectly (assuming
> a default of 022 or otherwise). This patch adds a trap to reset umask
> when the script exits. This is convenient on systems where, for example,
> configs such as /etc/profile may not be sourced by the root user. It may
> also prevent issues with other init scripts which may inherit this umask
> unintentionally, leading to improper permissions elsewhere in the
> system.
> 
> Signed-off-by: Will Eccles <will@eccles.dev>

Besides what Arnout said (and which I agree with), I am not so sure this
patch is even technically correct... See below...

> ---
> Backport to: 2021.02.6, 2021.08.1
> (These are the releases on buildroot.org as of this writing, but as far
> as I can tell, even releases as far back as 2012 have the same problem.)
> ---
>  package/openssh/S50sshd | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/package/openssh/S50sshd b/package/openssh/S50sshd
> index 22da41d1ca..94cf4c14e8 100644
> --- a/package/openssh/S50sshd
> +++ b/package/openssh/S50sshd
> @@ -6,6 +6,8 @@
>  # Make sure the ssh-keygen progam exists
>  [ -f /usr/bin/ssh-keygen ] || exit 0
>  
> +# Reset uname at exit
> +trap "uname $(uname)" EXIT

This does not even do what you said it does. This is 'uname', not
'umask'...

Furthermore, the above code would fail anyway:

    $ uname $(uname); echo $?
    uname: extra operand ‘Linux’
    Try 'uname --help' for more information.
    1

So, if this very patch makes it work for you, then your issue is not
about umask being set below...

Regards,
Yann E. MORIN.

>  umask 077
>  
>  start() {
> -- 
> 2.33.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot