
Commit 29471c8

Set a safer umask(2) when running as a daemon.
When running as a daemon, unit currently sets umask(0), i.e. no umask. This is resulting in various directories being created with a mode of 0777, e.g. rwxrwxrwx. This is currently affecting cgroup and rootfs directories, which are being created with a mode of 0777 when running as a daemon, as there is no umask to restrict the permissions.

This also affects the language modules (the umask is inherited over fork(2)) whereby unless something explicitly sets a umask, files and directories will be created with full permissions, 0666 (rw-rw-rw-) / 0777 (rwxrwxrwx) respectively.

This could be an unwitting security issue.

My original idea was to just remove the umask(0) call and thus inherit the umask from the executing shell/program. However, there was some concern about just inheriting whatever umask was in effect.

Alex suggested that rather than simply removing the umask(0) call we change it to a value of 022 (which is a common default), which will result in directories and files with permissions at most of 0755 (rwxr-xr-x) & 0644 (rw-r--r--).

If applications need some other umask set, they can (as they always have been able to) set their own umask(2).

Suggested-by: Alejandro Colomar <[email protected]>
Reviewed-by: Liam Crilly <[email protected]>
Signed-off-by: Andrew Clayton <[email protected]>
1 parent 5c9113d commit 29471c8
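
The behaviour the commit message describes can be observed directly. The following is an added example, not part of this commit or of Unit's code: a hypothetical helper `modes_under_umask()` sets a mask, forks, and has the child request 0777 for a directory and 0666 for a file, then reports what was actually created. The scratch path under `/tmp` is constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700 /* mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not Unit code: set `mask`, fork, and let the child
 * create a directory (asking for 0777) and a file (asking for 0666) without
 * calling umask() itself. Reports the permission bits that land on disk. */
static int modes_under_umask(mode_t mask, mode_t *dir_mode, mode_t *file_mode)
{
    char base[] = "/tmp/umask-demo-XXXXXX"; /* constructed scratch path */
    char dir[64], file[64];
    struct stat ds, fs;
    int status, rc = -1;
    if (mkdtemp(base) == NULL) return -1;
    snprintf(dir, sizeof(dir), "%s/dir", base);
    snprintf(file, sizeof(file), "%s/file", base);
    mode_t saved = umask(mask);     /* the value the daemon would set */
    pid_t pid = fork();
    if (pid == 0) {                 /* child: the mask came across fork(2) */
        if (mkdir(dir, 0777) != 0)
            _exit(1);
        _exit(open(file, O_CREAT | O_EXCL | O_WRONLY, 0666) < 0);
    }
    umask(saved);                   /* restore the caller's mask */
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status)
        && WEXITSTATUS(status) == 0 && stat(dir, &ds) == 0
        && stat(file, &fs) == 0) {
        *dir_mode = ds.st_mode & 0777;
        *file_mode = fs.st_mode & 0777;
        rc = 0;
    }
    unlink(file);
    rmdir(dir);
    rmdir(base);
    return rc;
}

int main(void)
{
    mode_t masks[] = { 0, 0022 }, d, f;
    for (int i = 0; i < 2; i++)
        if (modes_under_umask(masks[i], &d, &f) == 0)
            printf("umask %04o: dir %04o, file %04o\n", (unsigned)masks[i], (unsigned)d, (unsigned)f);
    return 0;
}
```

With a mask of 0 the child gets exactly the modes it asked for; with 0022 the group and other write bits are cleared even though the child never calls umask() itself.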

1 file changed: +3 -3 lines changed
src/nxt_process.c

Lines changed: 3 additions & 3 deletions
@@ -1156,10 +1156,10 @@ nxt_process_daemon(nxt_task_t *task)
11561156
}
11571157

11581158
/*
1159-
* Reset file mode creation mask: any access
1160-
* rights can be set on file creation.
1159+
* Set a sefe umask to give at most 755/644 permissions on
1160+
* directories/files.
11611161
*/
1162-
umask(0);
1162+
umask(0022);
11631163

11641164
/* Redirect STDIN and STDOUT to the "/dev/null". */
11651165
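
Review bot: the replacement comment at new line 1159 misspells "safe" as "sefe", and it writes the modes as 755/644 while the call below uses the octal literal 0022; suggest "Set a safe umask to give at most 0755/0644 permissions on directories/files." so the comment and the code use the same notation. It would also help for the comment to mention that the mask is inherited by child processes across fork(2), since per the commit message that is how this value reaches the language modules, and that an application needing something stricter or looser has to call umask(2) itself.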
