From 974d151ef8587d5ba3b6442eec500fefb18b4a9c Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org" Date: Sat, 5 Jan 2008 17:21:28 +0000 Subject: fix logfiles permissions, do not default to umask --- ChangeLog | 1 + src/log.c | 38 ++++++++++++++++++++++++++++++++------ src/main.c | 4 +--- 3 files changed, 34 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index ed21d7f..6d0bdc0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,7 @@ o detach daemon from its terminal (Ben Lenitz ) o obsolete `-S' option: Use information provided by the config file o daemonize conntrackd after initialization o rename class `buffer' to `queue' which is what it really implements +o fix logfiles permissions, do not default to umask version 0.9.5 (2007/07/29) ------------------------------ diff --git a/src/log.c b/src/log.c index 3e3dd12..176bdcd 100644 --- a/src/log.c +++ b/src/log.c @@ -19,28 +19,54 @@ */ #include +#include +#include +#include #include #include #include +#include #include "buffer.h" #include "conntrackd.h" int init_log(void) { if (CONFIG(logfile)[0]) { - STATE(log) = fopen(CONFIG(logfile), "a+"); + int fd; + + fd = open(CONFIG(logfile), O_CREAT | O_RDWR, 0600); + if (fd == -1) { + fprintf(stderr, "ERROR: can't open logfile `%s'." + "Reason: %s\n", CONFIG(logfile), + strerror(errno)); + return -1; + } + + STATE(log) = fdopen(fd, "a+"); if (STATE(log) == NULL) { - fprintf(stderr, "can't open log file `%s'\n", - CONFIG(logfile)); + fprintf(stderr, "ERROR: can't open logfile `%s'." + "Reason: %s\n", CONFIG(logfile), + strerror(errno)); return -1; } } if (CONFIG(stats).logfile[0]) { - STATE(stats_log) = fopen(CONFIG(stats).logfile, "a+"); + int fd; + + fd = open(CONFIG(stats).logfile, O_CREAT | O_RDWR, 0600); + if (fd == -1) { + fprintf(stderr, "ERROR: can't open logfile `%s'." + "Reason: %s\n", CONFIG(stats).logfile, + strerror(errno)); + return -1; + } + + STATE(stats_log) = fdopen(fd, "a+"); if (STATE(stats_log) == NULL) { - fprintf(stderr, "can't open log file `%s'\n", - CONFIG(stats).logfile); + fprintf(stderr, "ERROR: can't open logfile `%s'." + "Reason: %s\n", CONFIG(stats).logfile, + strerror(errno)); return -1; } } diff --git a/src/main.c b/src/main.c index 3cf44ba..33235e9 100644 --- a/src/main.c +++ b/src/main.c @@ -246,10 +246,8 @@ int main(int argc, char *argv[]) /* * Setting up logging */ - if (config_set && init_log() == -1) { - fprintf(stderr, "can't open logfile `%s\n'", CONFIG(logfile)); + if (config_set && init_log() == -1) exit(EXIT_FAILURE); - } if (type == REQUEST) { if (do_local_request(action, &conf.local, local_step) == -1) { -- cgit v1.2.3