[tor-commits] [tor/master] Create logfiles in mode 0640

[nickm at torproject.org]

commit c000c7d118728abea6e03ddde1862e2dcf784166
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Mar 14 11:36:53 2017 -0400

    Create logfiles in mode 0640
    
    Patch from toralf; closes 21729.
---
 changes/ticket21729 | 7 +++++++
 src/common/log.c    | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/changes/ticket21729 b/changes/ticket21729
new file mode 100644
index 0000000..51d1173
--- /dev/null
+++ b/changes/ticket21729
@@ -0,0 +1,7 @@
+  o Minor features (logging):
+    - Log files are no longer created world-readable by default.
+      (Previously, most distributors would store the logs in a
+      non-world-readable location to prevent inappropriate access. This
+      change is an extra precaution.)  Closes ticket 21729; patch from
+      toralf.
+
diff --git a/src/common/log.c b/src/common/log.c
index 5f7151b..f679336 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -1086,7 +1086,7 @@ add_file_log(const log_severity_list_t *severity, const char *filename,
   int open_flags = O_WRONLY|O_CREAT;
   open_flags |= truncate_log ? O_TRUNC : O_APPEND;
 
-  fd = tor_open_cloexec(filename, open_flags, 0644);
+  fd = tor_open_cloexec(filename, open_flags, 0640);
   if (fd<0)
     return -1;
   if (tor_fd_seekend(fd)<0) {