diff --git a/pkg/cli/haproxy.go b/pkg/cli/haproxy.go index c8baaa0e87a2..b1e861d3e6ef 100644 --- a/pkg/cli/haproxy.go +++ b/pkg/cli/haproxy.go @@ -236,7 +236,7 @@ func runGenHAProxyCmd(cmd *cobra.Command, args []string) error { var f *os.File if haProxyPath == "-" { w = os.Stdout - } else if f, err = os.OpenFile(haProxyPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755); err != nil { + } else if f, err = os.OpenFile(haProxyPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644); err != nil { return err } else { w = f diff --git a/pkg/cli/sql_test.go b/pkg/cli/sql_test.go index 412ad5281006..e56c59b3c28b 100644 --- a/pkg/cli/sql_test.go +++ b/pkg/cli/sql_test.go @@ -75,7 +75,7 @@ select ''' for _, test := range tests { // Populate the test input. - if f, err = os.OpenFile(fname, os.O_WRONLY, 0666); err != nil { + if f, err = os.OpenFile(fname, os.O_WRONLY, 0644); err != nil { fmt.Fprintln(stderr, err) return } diff --git a/pkg/cli/start.go b/pkg/cli/start.go index 97a54642d6be..796750450ad2 100644 --- a/pkg/cli/start.go +++ b/pkg/cli/start.go @@ -445,6 +445,15 @@ func runStart(cmd *cobra.Command, args []string, disableReplication bool) error return err } + // Change the permission mask for all created files. + // + // We're considering everything produced by a cockroach node + // to potentially contain sensitive information, so it should + // not be world-readable. + disableOtherPermissionBits() + + // TODO(knz): the following call is not in the right place. + // See: https://github.com/cockroachdb/cockroach/issues/44041 if s, err := serverCfg.Stores.GetPreventedStartupMessage(); err != nil { return err } else if s != "" { diff --git a/pkg/cli/start_unix.go b/pkg/cli/start_unix.go index b3e50afb4e9f..0e73c99ad9b6 100644 --- a/pkg/cli/start_unix.go +++ b/pkg/cli/start_unix.go @@ -88,3 +88,9 @@ func maybeRerunBackground() (bool, error) { } return false, nil } + +func disableOtherPermissionBits() { + mask := unix.Umask(0000) + mask |= 00007 + _ = unix.Umask(mask) +} diff --git a/pkg/cli/start_windows.go b/pkg/cli/start_windows.go index e4e10f700d24..b3549eb1fec4 100644 --- a/pkg/cli/start_windows.go +++ b/pkg/cli/start_windows.go @@ -25,3 +25,7 @@ func handleSignalDuringShutdown(os.Signal) { func maybeRerunBackground() (bool, error) { return false, nil } + +func disableOtherPermissionBits() { + // No-op on windows, which does not support umask. +} diff --git a/pkg/cli/systembench/disk_bench.go b/pkg/cli/systembench/disk_bench.go index c2af2aa38f44..65d67610fd2a 100644 --- a/pkg/cli/systembench/disk_bench.go +++ b/pkg/cli/systembench/disk_bench.go @@ -151,7 +151,7 @@ func newTempFile(dir string) (*os.File, error) { } return os.OpenFile(tempFileName, - os.O_RDWR|os.O_APPEND, 0660) + os.O_RDWR|os.O_APPEND, 0640) } // Run runs I/O benchmarks specified by diskOpts. diff --git a/pkg/util/log/file.go b/pkg/util/log/file.go index 197c33acd313..836e238b7ecd 100644 --- a/pkg/util/log/file.go +++ b/pkg/util/log/file.go @@ -246,7 +246,7 @@ func create( fname := filepath.Join(dir, name) // Open the file os.O_APPEND|os.O_CREATE rather than use os.Create. // Append is almost always more efficient than O_RDRW on most modern file systems. - f, err = os.OpenFile(fname, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0664) + f, err = os.OpenFile(fname, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) if err == nil { symlink := filepath.Join(dir, link)