From faab30461b0f2b920e3dd19489ce458c0b38e6d9 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 24 Feb 2021 21:06:48 +0100 Subject: If restricting access via umask() fails, don't include errno in the error message. errno is not set on umask failure, see https://perldoc.perl.org/functions/umask. --- Changelog | 2 ++ lacme | 4 ++-- lacme-accountd | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Changelog b/Changelog index 1682847..e047ac5 100644 --- a/Changelog +++ b/Changelog @@ -236,6 +236,8 @@ lacme (0.2) upstream; directories. New default "lacme-certs.conf lacme-certs.conf.d/". - Minor manpage fixes - More useful message upon Validation Challenge failure. + - If restricting access via umask() fails, don't include errno in the + error message as it's not set on failure. -- Guilhem Moulin Sat, 03 Dec 2016 16:40:56 +0100 diff --git a/lacme b/lacme index 66dd6f6..fb19646 100755 --- a/lacme +++ b/lacme @@ -376,14 +376,14 @@ sub spawn_webserver() { if ($domain == AF_UNIX) { # bind(2) with a loose umask(2) to allow anyone to connect - my $umask = umask(0111) // die "umask: $!"; + my $umask = umask(0111) // die; my $path = Socket::unpack_sockaddr_un($sockaddr); bind($sock, $sockaddr) or die "Couldn't bind to $p: $!"; push @CLEANUP, sub() { print STDERR "Unlinking $path\n" if $OPTS{debug}; unlink $path or warn "Warning: Couldn't unlink $path: $!"; }; - umask($umask) // die "umask: $!"; + umask($umask) // die; } else { bind($sock, $sockaddr) or die "Couldn't bind to $p: $!"; diff --git a/lacme-accountd b/lacme-accountd index a35ac88..98c11ad 100755 --- a/lacme-accountd +++ b/lacme-accountd @@ -215,7 +215,7 @@ unless (defined $OPTS{stdio}) { my @stat = stat($dirname) or error("stat($dirname): $!"); error("Insecure permissions on $dirname") if ($stat[2] & 0022) != 0; - my $umask = umask(0177) // panic("umask: $!"); + my $umask = umask(0177) // panic(); logmsg($LOG_VERBOSE => "Starting lacme Account Key Manager at $sockname"); socket(my $sock, PF_UNIX, SOCK_STREAM, 0) or panic("socket: $!"); @@ -225,7 +225,7 @@ unless (defined $OPTS{stdio}) { ($SOCKNAME, $S) = ($sockname, $sock); listen($S, 1) or panic("listen: $!"); - umask($umask) // panic("umask: $!"); + umask($umask) // panic(); }; -- cgit v1.2.3