shim: Create address file with 0644 permissions

Dzejrou · Dzejrou · commit 8d82242eb525 · 2023-12-23T21:46:12.000+01:00
Fixes ae70213 In ae70213 the WritePidFile and WriteAddress functions were changed to use AtomicFile instead of os.CreateFile. However, AtomicFile creates a temporary file and then changes its permissions with os.Chmod which alters the previously observed behavior of os.CreateFile which takes the system's umask into account. This means that on Linux-based systems these files suddenly became world writable (#9363). Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
diff --git a/runtime/v2/shim/util.go b/runtime/v2/shim/util.go
@@ -144,7 +144,7 @@ func WriteAddress(path, address string) error {
 	if err != nil {
 		return err
 	}
-	f, err := atomicfile.New(path, 0o666)
+	f, err := atomicfile.New(path, 0o644)
 	if err != nil {
 		return err
 	}

Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,7 @@ func WriteAddress(path, address string) error {`
`144`	`144`	`if err != nil {`
`145`	`145`	`return err`
`146`	`146`	`}`
`147`		`- f, err := atomicfile.New(path, 0o666)`
	`147`	`+ f, err := atomicfile.New(path, 0o644)`
`148`	`148`	`if err != nil {`
`149`	`149`	`return err`
`150`	`150`	`}`