On 23-08-2022 19:31, Arun Isaac wrote:
> However, when a shepherd service is run using
> make-forkexec-constructor/container, the log file has #o644 permissions. This
> patch corrects that.

There is a small window during which the log file has overly-wide permissions, which IIUC makes the log openable when it shouldn't, which could later be exploited (after the daemon has been running for a while) to extract anything secret written to the log by the service.

Try using

  (close (open log-file (logior O_CREAT O_APPEND O_CLOEXEC) #o600))

instead; that should make things atomic.

I do not know if clearing the log file is desired -- if so, remove O_APPEND, if not, keep O_APPEND.

Maybe O_RDONLY or O_WRONLY or O_RDWR needs to be added to make the call to 'open' succeed.

Greetings,
Maxime
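An added example, not from the thread or from shepherd, showing the race in C with the same flags: create-then-chmod versus a single open(2) call with mode 0600. The observer callback, umask and temp directory are constructed for the demonstration; O_WRONLY is included because O_RDONLY is 0, so an open without an access mode yields a descriptor the service cannot write to.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_CLOEXEC, mkdtemp, fchmod */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Stands in for another process that runs between two syscalls of ours. */
typedef int (*observer_fn)(const char *path);
/* Permission bits of `path`, or -1 on error. */
int observe_mode(const char *path) {
    struct stat st;
    return stat(path, &st) < 0 ? -1 : (int)(st.st_mode & 0777);
}

/* Atomic variant: the file never exists with anything wider than 0600.
   O_WRONLY is required: O_RDONLY is 0, so omitting an access mode would
   give a read-only descriptor and every write to the log would fail. */
int open_log_atomic(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0600);
}

/* Racy variant: created with 0644 & ~umask, narrowed afterwards. Whatever
   `observe` sees in between is what a concurrent process would see. */
int open_log_then_chmod(const char *path, observer_fn observe, int *seen) {
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0644);
    if (fd < 0) return -1;
    if (observe) *seen = observe(path);          /* <-- the window */
    if (fchmod(fd, 0600) < 0) { close(fd); return -1; }
    return fd;
}

/* Create a log in a private temp dir (constructed path) under umask 022 and
   return the widest mode the file was ever observed with: the in-window
   observation for the racy approach, the post-open mode for the atomic one. */
int widest_mode(int racy) {
    char dir[] = "/tmp/shepherd-log-demo-XXXXXX", path[64];
    int fd, seen = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/log", dir);
    mode_t old = umask(022);
    if (racy) fd = open_log_then_chmod(path, observe_mode, &seen);
    else { fd = open_log_atomic(path); seen = observe_mode(path); }
    umask(old);
    if (fd >= 0) close(fd);
    unlink(path); rmdir(dir);
    return fd < 0 ? -1 : seen;      /* racy: 0644, atomic: 0600 */
}
```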