jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-11-27 04:53:28 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

rc.d/ntp: Ensure ntpd.leap-seconds.list is readable by ntpd

Browse Source 
When a use sets umask in login.conf(5) to 027 or 077 a subsequently
fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
allowed by the umask, resulting in a file that may not be readable
ntpd running under the ntp account. This patch adds a umask command
to preempt the umask in login.conf(5) prior to fetching a new copy
of the leap-seconds file.

PR:		261298
Reported by:	Martin Waschbusch <martin@waschbuesch.de>
MFC after:	3 days
This commit is contained in:
Cy Schubert 2022-01-18 06:14:54 -08:00
parent aac52f94ea
commit c6806434e7
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libexec/rc/rc.d/ntpd
View File

@ -221,6 +221,8 @@ ntpd_fetch_leapfile() {
if ntpd_needfetch_leapfile ; then if ntpd_needfetch_leapfile ; then
for url in $ntp_leapfile_sources ; do for url in $ntp_leapfile_sources ; do
$verbose fetching $url $verbose fetching $url
# Circumvent umask 027 and 077 in login.conf(5)
umask 022
fetch $ntp_leapfile_fetch_opts -o $_ntp_tmp_leapfile $url && break fetch $ntp_leapfile_fetch_opts -o $_ntp_tmp_leapfile $url && break
done done
ntp_ver_no_tmp=$(get_ntp_leapfile_ver $_ntp_tmp_leapfile) ntp_ver_no_tmp=$(get_ntp_leapfile_ver $_ntp_tmp_leapfile)