fix file permissions

Signed-off-by: Paul Allen <[email protected]>

crt/enter.c

@@ -382,6 +382,8 @@ int myst_retrieve_wanted_secrets()
             goto done;
         }
 
+        fchmod(fileno(file), S_IWUSR | S_IRUSR | S_IRGRP);
+
         r = fwrite(release_secret.data, 1, release_secret.length, file);
         fclose(file);
         file = NULL;

host/file.c

@@ -19,7 +19,7 @@ int myst_write_file(const char* path, const void* data, size_t size)
     size_t r = size;
     ssize_t n;
 
-    if ((fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
+    if ((fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0640)) < 0)
         ERAISE(-errno);
 
     while ((n = write(fd, p, r)) > 0)

kernel/udsdev.c

@@ -251,7 +251,7 @@ static int _create_acceptor(const char* sun_path, acceptor_t** acceptor_out)
 static int _create_uds_file(const char* path)
 {
     long ret = 0;
-    const int mode = 0666;
+    const int mode = 0600;
     int fd = -1;
 
     if ((fd = creat(path, mode)) < 0)

tools/myst/host/host.c

@@ -185,7 +185,7 @@ long init_symbol_file_tmpdir(char* tmpdir)
 
     if (!mkdtemp(tmpdir))
         ERAISE(errno);
-    ECHECK(chmod(tmpdir, 0777));
+    ECHECK(chmod(tmpdir, 0750));
 
 done:
     return ret;
@@ -245,7 +245,7 @@ long myst_tcall_add_symbol_file(
             {
                 ERAISE(-ENAMETOOLONG);
             }
-            if ((fd = creat(tmp, 0666)) < 0)
+            if ((fd = creat(tmp, 0750)) < 0)
                 goto done;
         }
     }
@@ -261,7 +261,7 @@ long myst_tcall_add_symbol_file(
             ERAISE(-ENAMETOOLONG);
         }
 
-        if ((fd = creat(tmp, 0666)) < 0)
+        if ((fd = creat(tmp, 0750)) < 0)
             goto done;
     }
 

tools/myst/host/mkext2/mkext2.c

@@ -190,6 +190,9 @@ static void _create_zero_filled_image(const char* path, size_t size)
     if (!(is = fopen(path, "wb")))
         _err("failed to open file for write: %s", path);
 
+    if (fchmod(fileno(is), S_IRUSR | S_IWUSR | S_IRGRP) != 0)
+        _err("failed to chmod file: %s", path);
+
     if (fseek(is, size - sizeof(_block), SEEK_SET) != 0)
         _err("failed to seek file: %s: %zu", path, size);
 

tools/myst/host/package.c

@@ -228,7 +228,7 @@ int _package(int argc, const char* argv[])
         uint8_t page[PAGE_SIZE];
         const int flags = O_CREAT | O_WRONLY | O_TRUNC;
 
-        if ((fd = open(rootfs_file, flags, 0666)) < 0)
+        if ((fd = open(rootfs_file, flags, 0640)) < 0)
             _err("failed to create temporary file");
 
         memset(page, 0, sizeof(page));

utils/cpio.c

@@ -294,7 +294,7 @@ myst_cpio_t* myst_cpio_open(const char* path, uint32_t flags)
 
     if ((flags & MYST_CPIO_FLAG_CREATE))
     {
-        if ((fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666)) < 0)
+        if ((fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0640)) < 0)
             GOTO(done);
 
         if (write(fd, &_dot, _dot.size) != (ssize_t)_dot.size)
@@ -306,7 +306,7 @@ myst_cpio_t* myst_cpio_open(const char* path, uint32_t flags)
     }
     else
     {
-        if ((fd = open(path, O_RDONLY, 0666)) < 0)
+        if ((fd = open(path, O_RDONLY, 0640)) < 0)
             GOTO(done);
 
         cpio->fd = fd;
@@ -631,7 +631,7 @@ int myst_cpio_unpack(const char* source, const char* target)
         {
             ssize_t n;
 
-            if ((fd = open(locals->path, O_WRONLY | O_CREAT, 0666)) < 0)
+            if ((fd = open(locals->path, O_WRONLY | O_CREAT, 0640)) < 0)
                 GOTO(done);
 
             while ((n = myst_cpio_read_data(
@@ -1120,7 +1120,7 @@ int myst_cpio_mem_unpack(
                 ssize_t n = (ssize_t)locals->ent.size;
 
                 // ATTN: Can we replace 0666 with locals->ent.mode?
-                if ((fd = open(locals->path, O_WRONLY | O_CREAT, 0666)) < 0)
+                if ((fd = open(locals->path, O_WRONLY | O_CREAT, 0640)) < 0)
                     GOTO(done);
 
                 if (write(fd, file_data, (size_t)n) != n)