shim: Create pid-file with 0644 permissions

Dzejrou · Dzejrou · commit 260963a354d9 · 2023-12-23T21:44:40.000+01:00
Fixes ae70213 In ae70213 the WritePidFile and WriteAddress functions were changed to use AtomicFile instead of os.CreateFile. However, AtomicFile creates a temporary file and then changes its permissions with os.Chmod which alters the previously observed behavior of os.CreateFile which takes the system's umask into account. This means that on Linux-based systems these files suddenly became world writable (#9363). The address file has since been removed, but pid-file was still created as world writable. This commit explicitly requests 0644 permissions as even on systems without default umask of 0022 there is no reason to have these two files world writable. Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com> (cherry picked from commit 9d32841) Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
diff --git a/runtime/v2/shim/util.go b/runtime/v2/shim/util.go
@@ -126,7 +126,7 @@ func WritePidFile(path string, pid int) error {
 	if err != nil {
 		return err
 	}
-	f, err := atomicfile.New(path, 0o666)
+	f, err := atomicfile.New(path, 0o644)
 	if err != nil {
 		return err
 	}

Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,7 @@ func WritePidFile(path string, pid int) error {`
`126`	`126`	`if err != nil {`
`127`	`127`	`return err`
`128`	`128`	`}`
`129`		`- f, err := atomicfile.New(path, 0o666)`
	`129`	`+ f, err := atomicfile.New(path, 0o644)`
`130`	`130`	`if err != nil {`
`131`	`131`	`return err`
`132`	`132`	`}`