From 373de39ec19b747126e8cc9971eabc8a620f7a87 Mon Sep 17 00:00:00 2001
From: Daniel Kobras <d.kobras@science-computing.de>
Date: Wed, 28 Nov 2012 09:57:34 -0800
Subject: [PATCH] LU-2302 scripts: prevent lfs_migrate data disclosure

Tighten umask to make sure temporary rsync files are created
with strict permissions that don't grant access to unprivileged
users.

Signed-off-by: Daniel Kobras <d.kobras@science-computing.de>
Change-Id: Ie662edfd615a24ce08cbddb9347f197de41d4d27
Reviewed-on: http://review.whamcloud.com/4699
Tested-by: Hudson
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Keith Mannthey <keith.mannthey@intel.com>
---
 lustre/scripts/lfs_migrate | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lustre/scripts/lfs_migrate b/lustre/scripts/lfs_migrate
index 7d9386f..c285510 100755
--- a/lustre/scripts/lfs_migrate
+++ b/lustre/scripts/lfs_migrate
@@ -90,6 +90,12 @@ $RSYNC --help 2>&1 | grep -q acls && RSYNC_OPTS="$RSYNC_OPTS -A"
 # If rsync copies lustre xattrs in the future, then we can skip lfs (bug 22189)
 strings $(which $RSYNC) 2>&1 | grep -q lustre && LFS=:
 
+# rsync creates its temporary files with lenient permissions, even if
+# permissions on the original files are more strict. Tighten umask here
+# to avoid the brief window where unprivileged users might be able to
+# access the temporary file.
+umask 0077
+
 lfs_migrate() {
 	while IFS='' read -d '' OLDNAME; do
 		$ECHO -n "$OLDNAME: "
-- 
1.8.3.1