From 192004bf643733b63ea0a364ff8dde47cf368144 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
 </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Date: Tue, 15 Jan 2008 15:50:53 +0000
Subject: use umask() to set up file permissions

---
 src/log.c  | 24 ++----------------------
 src/main.c |  5 ++++-
 2 files changed, 6 insertions(+), 23 deletions(-)

(limited to 'src')

diff --git a/src/log.c b/src/log.c
index b42e049..35ae0c3 100644
--- a/src/log.c
+++ b/src/log.c
@@ -33,17 +33,7 @@
 int init_log(void)
 {
 	if (CONFIG(logfile)[0]) {
-		int fd;
-		
-		fd = open(CONFIG(logfile), O_CREAT | O_RDWR, 0600);
-		if (fd == -1) {
-			fprintf(stderr, "ERROR: can't open logfile `%s'."
-				"Reason: %s\n", CONFIG(logfile), 
-						strerror(errno));
-			return -1;
-		}
-
-		STATE(log) = fdopen(fd, "a+");
+		STATE(log) = fopen(CONFIG(logfile), "a+");
 		if (STATE(log) == NULL) {
 			fprintf(stderr, "ERROR: can't open logfile `%s'."
 				"Reason: %s\n", CONFIG(logfile), 
@@ -53,17 +43,7 @@ int init_log(void)
 	}
 
 	if (CONFIG(stats).logfile[0]) {
-		int fd;
-		
-		fd = open(CONFIG(stats).logfile, O_CREAT | O_RDWR, 0600);
-		if (fd == -1) {
-			fprintf(stderr, "ERROR: can't open logfile `%s'."
-				"Reason: %s\n", CONFIG(stats).logfile, 
-						strerror(errno));
-			return -1;
-		}
-
-		STATE(stats_log) = fdopen(fd, "a+");
+		STATE(stats_log) = fopen(CONFIG(stats).logfile, "a+");
 		if (STATE(stats_log) == NULL) {
 			fprintf(stderr, "ERROR: can't open logfile `%s'."
 				"Reason: %s\n", CONFIG(stats).logfile, 
diff --git a/src/main.c b/src/main.c
index 11974ff..a4ee307 100644
--- a/src/main.c
+++ b/src/main.c
@@ -239,6 +239,8 @@ int main(int argc, char *argv[])
 	if (config_set == 0)
 		strcpy(config_file, DEFAULT_CONFIGFILE);
 
+	umask(0177);
+
 	if ((ret = init_config(config_file)) == -1) {
 		fprintf(stderr, "can't open config file `%s'\n", config_file);
 		exit(EXIT_FAILURE);
@@ -262,7 +264,8 @@ int main(int argc, char *argv[])
 	/*
 	 * lock file
 	 */
-	if ((ret = open(CONFIG(lockfile), O_CREAT | O_EXCL | O_TRUNC)) == -1) {
+	ret = open(CONFIG(lockfile), O_CREAT | O_EXCL | O_TRUNC, 0600);
+	if (ret == -1) {
 		fprintf(stderr, "lockfile `%s' exists, perhaps conntrackd "
 			        "already running?\n", CONFIG(lockfile));
 		exit(EXIT_FAILURE);
-- 
cgit v1.2.3