umask for exported files
Fairlight
fairlite at fairlite.com
Tue Oct 14 09:51:43 PDT 2008
In the relative spacial/temporal region of Tue, Oct 14, 2008 at 10:29:00AM
-0500, flavius m achieved the spontaneous generation of the following:
> Hello,
>
> I am running filepro 5.6 under Linux. I am trying to change the default
> umask for filepro. Currently, filepro creates files/directories with 700
> permissions and I need it to be 755.
>
> This is what I have done until now: - I have added "umask 0022" to
> /etc/profile, /home/filepro/.bashrc, /home/filepro/.profile - I have
> added PFUMASK=0022 in filepro configuration
>
> Unfortunatelly, none of the above modified the umask.
>
> I would appreciate any help on that.
>
> Thank you, Flavius Moldovan
Oh, Flavius, that's a sore point. I feel your pain.
You can't do anything about the problem utilising umask, unfortunately.
The vendor, in their infinite "wisdom", has ignored over thirteen years
(over multiple owners) of me begging, as a security-conscious sysadmin,
for this to be fixed. They have blatantly ignored every attempt to get
this problem rectified, and I can only surmise that they have no desire to
address security concerns regarding their product's output.
You have two options available to you, neither ideal:
1) Use open() in your code, and then close the file. Then export to that
same file. fP's open() uses mode 0600--also a mistakenly hardwired and
immutable value. Oh, actually I think the HTML file opening command uses
0644, -also- a hardwired value. I know there are three ways to get
different modes out of it, and I'm pretty sure that's the third one.
2) You can use system() to execute an external chmod from within your
processing, and just suck up the overhead and race condition inherent to
this "solution".
Bottom line is that fP has -never- worked properly in this regard, and
because you use their product, you've been left to fend for your security
on your own. I'm sure they're sorry for the inconvenience--sometimes,
maybe, perhaps, in some alternate reality where they actually give a damn
about something other than adding spell checkers.
They've known about this since 4.1 when I first complained in 1993-1995.
Then there was 4.5, 4.8, 5.0, and now 5.6. It's still not fixed, and I'm
sincerely doubting it ever will be.
mark->
--
"I'm not subtle. I'm not pretty, and I'll piss off a lot of people along
the way. But I'll get the job done" --Captain Matthew Gideon, "Crusade"
More information about the Filepro-list
mailing list