aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2021-02-24 21:06:48 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-24 21:08:28 +0100
commitfaab30461b0f2b920e3dd19489ce458c0b38e6d9 (patch)
tree0b7a760c5dac69f245a91185cbaa9c3183947eae
parentd1a862d9cb98a54e12c9fdbc405b896f3f0efcfe (diff)
If restricting access via umask() fails, don't include errno in the error message.
errno is not set on umask failure, see https://perldoc.perl.org/functions/umask.
-rw-r--r--Changelog2
-rwxr-xr-xlacme4
-rwxr-xr-xlacme-accountd4
3 files changed, 6 insertions, 4 deletions
diff --git a/Changelog b/Changelog
index 1682847..e047ac5 100644
--- a/Changelog
+++ b/Changelog
@@ -236,6 +236,8 @@ lacme (0.2) upstream;
directories. New default "lacme-certs.conf lacme-certs.conf.d/".
- Minor manpage fixes
- More useful message upon Validation Challenge failure.
+ - If restricting access via umask() fails, don't include errno in the
+ error message as it's not set on failure.
-- Guilhem Moulin <guilhem@guilhem.org> Sat, 03 Dec 2016 16:40:56 +0100
diff --git a/lacme b/lacme
index 66dd6f6..fb19646 100755
--- a/lacme
+++ b/lacme
@@ -376,14 +376,14 @@ sub spawn_webserver() {
if ($domain == AF_UNIX) {
# bind(2) with a loose umask(2) to allow anyone to connect
- my $umask = umask(0111) // die "umask: $!";
+ my $umask = umask(0111) // die;
my $path = Socket::unpack_sockaddr_un($sockaddr);
bind($sock, $sockaddr) or die "Couldn't bind to $p: $!";
push @CLEANUP, sub() {
print STDERR "Unlinking $path\n" if $OPTS{debug};
unlink $path or warn "Warning: Couldn't unlink $path: $!";
};
- umask($umask) // die "umask: $!";
+ umask($umask) // die;
}
else {
bind($sock, $sockaddr) or die "Couldn't bind to $p: $!";
diff --git a/lacme-accountd b/lacme-accountd
index a35ac88..98c11ad 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -215,7 +215,7 @@ unless (defined $OPTS{stdio}) {
my @stat = stat($dirname) or error("stat($dirname): $!");
error("Insecure permissions on $dirname") if ($stat[2] & 0022) != 0;
- my $umask = umask(0177) // panic("umask: $!");
+ my $umask = umask(0177) // panic();
logmsg($LOG_VERBOSE => "Starting lacme Account Key Manager at $sockname");
socket(my $sock, PF_UNIX, SOCK_STREAM, 0) or panic("socket: $!");
@@ -225,7 +225,7 @@ unless (defined $OPTS{stdio}) {
($SOCKNAME, $S) = ($sockname, $sock);
listen($S, 1) or panic("listen: $!");
- umask($umask) // panic("umask: $!");
+ umask($umask) // panic();
};