diff options
| author | Alistair Strachan <alistair.strachan@imgtec.com> | 2013-07-17 10:41:49 -0700 |
|---|---|---|
| committer | Doug Zongker <dougz@android.com> | 2013-11-18 09:52:46 -0800 |
| commit | 027429a34fd229d7546640bd5b629156da8dd0fd (patch) | |
| tree | 898231a189fb42ae3b64299120e903e443d7d694 /install.cpp | |
| parent | 9690e2b370f3f303ef75e1fd5c7fdbea8787d46a (diff) | |
| download | bootable_recovery-027429a34fd229d7546640bd5b629156da8dd0fd.zip bootable_recovery-027429a34fd229d7546640bd5b629156da8dd0fd.tar.gz bootable_recovery-027429a34fd229d7546640bd5b629156da8dd0fd.tar.bz2 | |
Restore default umask after forking for update-binary.
A system/core change made in Mar 26 2012 6ebf12f "init: Change umask
of forked processes to 077" changed the default umask of services
forked from init.
Because recovery is forked from init, it has a umask of 077. Therefore
when update-binary is forked from recovery, it too has a umask of 077.
This umask is overly restrictive and can cause problems for scripts
relying on minzip to extract binaries directly into the target
filesystem. Any directories updated by minzip will have their
permissions reset to r-x------ and created files will have similarly
restrictive permissions.
As it seems unlikely this security measure was intended to have this
side effect on legacy sideloads that do not have chmods to repair
the damage done by minzip, this change reverts the umask to 022 in
the fork made for update-binary.
Change-Id: Ib1a3fc83aa4ecc7480b5d0c00f3c7d0d040d4887
Diffstat (limited to 'install.cpp')
| -rw-r--r-- | install.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/install.cpp b/install.cpp index 797a525..980830c 100644 --- a/install.cpp +++ b/install.cpp @@ -120,6 +120,7 @@ try_update_binary(const char *path, ZipArchive *zip, int* wipe_cache) { pid_t pid = fork(); if (pid == 0) { + umask(022); close(pipefd[0]); execv(binary, (char* const*)args); fprintf(stdout, "E:Can't run %s (%s)\n", binary, strerror(errno)); |