[update_engine] Fix file creation mask to be 0600
In addition to changing the write() call in utils.cc, I also set the umask
of the process to be 177 -- meaning that files will be AT MOST -rw-------
I do this _after_ we initialize logging, so that we don't create log files
with unnecessarily restrictive permissions.
BUG=chromium-os:6581
TEST=Unit tests,
Change-Id: Id6b805a1524af391755bc1df69ec0f6c382154c2
[update_engine] Ensure that created files have restrictive permissions
Change-Id: If93e043465083f7c48619d0e7163dd73f8c46090
Review URL: http://codereview.chromium.org/3495002
diff --git a/main.cc b/main.cc
index f027033..daa5eda 100644
--- a/main.cc
+++ b/main.cc
@@ -13,6 +13,8 @@
#include <gflags/gflags.h>
#include <glib.h>
#include <metrics/metrics_library.h>
+#include <sys/types.h>
+#include <sys/stat.h>
#include "update_engine/dbus_constants.h"
#include "update_engine/dbus_service.h"
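Review bot: The two added includes, <sys/types.h> and <sys/stat.h>, land after <metrics/metrics_library.h>, in the middle of the library headers. I would move them into a system-header group ahead of the gflags/glib/metrics includes, so it is clear that umask() and the S_I* constants come from the C library rather than from one of the project dependencies.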
@@ -105,6 +107,12 @@
LOG(INFO) << "Chrome OS Update Engine starting";
+ // Ensure that all written files have safe permissions.
+ // This is a mask, so we _block_ execute for the owner, and ALL
+ // permissions for other users.
+ // Done _after_ log file creation.
+ umask(S_IXUSR | S_IRWXG | S_IRWXO);
+
// Create the single GMainLoop
GMainLoop* loop = g_main_loop_new(g_main_context_default(), FALSE);
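Review bot: Masking S_IXUSR in the umask() call also strips owner search permission from any directory the process creates after this point, because the mask applies to mkdir() as well as to open(); a directory made later would come out as 0600 at most. Files opened with a mode such as 0666 or 0600 carry no execute bit anyway, so umask(S_IRWXG | S_IRWXO) gives the same -rw------- result for files while keeping new directories traversable by their owner. The mask is also process-wide and inherited by child processes, so the comment "Done _after_ log file creation" should say what is expected for log files opened later and for anything spawned from here. Finally, nothing in this hunk checks the resulting mode; a unit test that creates a file after the call and asserts on its st_mode would back up the TEST= line.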