[Buildroot] [PATCH] package/openssh: reset umask when init script exits

Arnout Vandecappelle arnout at mind.be
Tue Oct 19 20:25:49 UTC 2021


  Hi Will,

On 18/10/2021 22:30, Will Eccles wrote:
> S50sshd updates umask to 077, but does not reset it when it exits. This
> results in the root user's umask being configured incorrectly (assuming
> a default of 022 or otherwise).

  Can you explain in which context this happens?

  Normally this script is executed by /etc/init.d/rcS, which contains this code:

      case "$i" in
         *.sh)
             # Source shell script for speed.
             (
                 trap - INT QUIT TSTP
                 set start
                 . $i
             )
             ;;
         *)
             # No sh extension, so fork subprocess.
             $i start
             ;;

  Since the script doesn't end with .sh, it will fork, so the umask doesn't "stick".

  Same when you execute the script interactively: the umask isn't inherited by 
the parent shell.

  And when you source the script, the trap doesn't even trigger at the end of 
the script, so this patch doesn't actually reset the umask.


  So I don't understand how it's possible that this patch fixes your problem.


  Regards,
  Arnout


> This patch adds a trap to reset umask
> when the script exits. This is convenient on systems where, for example,
> configs such as /etc/profile may not be sourced by the root user. It may
> also prevent issues with other init scripts which may inherit this umask
> unintentionally, leading to improper permissions elsewhere in the
> system.
> 
> Signed-off-by: Will Eccles <will at eccles.dev>
> ---
> Backport to: 2021.02.6, 2021.08.1
> (These are the releases on buildroot.org as of this writing, but as far
> as I can tell, even releases as far back as 2012 have the same problem.)
> ---
>   package/openssh/S50sshd | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/package/openssh/S50sshd b/package/openssh/S50sshd
> index 22da41d1ca..94cf4c14e8 100644
> --- a/package/openssh/S50sshd
> +++ b/package/openssh/S50sshd
> @@ -6,6 +6,8 @@
>   # Make sure the ssh-keygen progam exists
>   [ -f /usr/bin/ssh-keygen ] || exit 0
>   
> +# Reset uname at exit
> +trap "uname $(uname)" EXIT
>   umask 077
>   
>   start() {
> 


More information about the buildroot mailing list