rocksdb/env
Imanol-Mikel Barba Sabariego 04191e1c5d Adding safer permissions to PosixFilesystem::NewLogger (#8106)
Summary:
We have observed rocksdb databases creating info log files with world-writeable permissions.

The reason why the file is created like so is because stdio streams opened with fopen calls use mode 0666, and while normally most systems have a umask of 022, in some occasions (for instance, while running daemons), you may find that the application is running with a less restrictive umask. The result is that when opening the DB, the LOG file would be created with world-writeable perms:

```
$ ls -lh db/
total 6.4M
-rw-r--r-- 1 ibarba users  115 Mar 24 17:41 000004.log
-rw-r--r-- 1 ibarba users   16 Mar 24 17:41 CURRENT
-rw-r--r-- 1 ibarba users   37 Mar 24 17:41 IDENTITY
-rw-r--r-- 1 ibarba users    0 Mar 24 17:41 LOCK
-rw-rw-r-- 1 ibarba users 114K Mar 24 17:41 LOG
-rw-r--r-- 1 ibarba users  514 Mar 24 17:41 MANIFEST-000003
-rw-r--r-- 1 ibarba users  31K Mar 24 17:41 OPTIONS-000018
-rw-r--r-- 1 ibarba users  31K Mar 24 17:41 OPTIONS-000020
```

This diff replaces the fopen call with a regular open() call restricting mode, and then using fdopen to associate an stdio stream with that file descriptor. Resulting in the following files being created:

```
-rw-r--r-- 1 ibarba users   58 Mar 24 18:16 000004.log
-rw-r--r-- 1 ibarba users   16 Mar 24 18:16 CURRENT
-rw-r--r-- 1 ibarba users   37 Mar 24 18:16 IDENTITY
-rw-r--r-- 1 ibarba users    0 Mar 24 18:16 LOCK
-rw-r--r-- 1 ibarba users 111K Mar 24 18:16 LOG
-rw-r--r-- 1 ibarba users  514 Mar 24 18:16 MANIFEST-000003
-rw-r--r-- 1 ibarba users  31K Mar 24 18:16 OPTIONS-000018
-rw-r--r-- 1 ibarba users  31K Mar 24 18:16 OPTIONS-000020
```

With the correct permissions

Pull Request resolved: https://github.com/facebook/rocksdb/pull/8106

Reviewed By: akankshamahajan15

Differential Revision: D27415377

Pulled By: mrambacher

fbshipit-source-id: 97ac6c215700a7ea306f4a1fdf9fcf64a3cbb202
2021-03-29 20:47:21 -07:00
..
composite_env.cc Add new Append API with DataVerificationInfo to Env WritableFile (#8071) 2021-03-19 11:44:13 -07:00
composite_env_wrapper.h Remove Legacy and Custom FileWrapper classes from header files (#7851) 2021-01-28 22:10:32 -08:00
env.cc Remove Legacy and Custom FileWrapper classes from header files (#7851) 2021-01-28 22:10:32 -08:00
env_basic_test.cc Improvements to Env::GetChildren (#7819) 2021-01-09 09:44:34 -08:00
env_chroot.cc Use thread-safe `strerror_r()` to get error message (#8087) 2021-03-24 23:07:27 -07:00
env_chroot.h Replace namespace name "rocksdb" with ROCKSDB_NAMESPACE (#6433) 2020-02-20 12:09:57 -08:00
env_encryption.cc Make ChRootEnv, EncryptedEnv, and TimedEnv into FileSystems (#7968) 2021-03-15 19:50:11 -07:00
env_encryption_ctr.h Changes to EncryptedEnv public API (#7279) 2020-09-15 17:14:10 -07:00
env_hdfs.cc Use thread-safe `strerror_r()` to get error message (#8087) 2021-03-24 23:07:27 -07:00
env_posix.cc Use thread-safe `strerror_r()` to get error message (#8087) 2021-03-24 23:07:27 -07:00
env_test.cc Use thread-safe `strerror_r()` to get error message (#8087) 2021-03-24 23:07:27 -07:00
file_system.cc Create a CustomEnv class; Add WinFileSystem; Make LegacyFileSystemWrapper private (#7703) 2021-01-06 10:49:32 -08:00
file_system_tracer.cc Add a SystemClock class to capture the time functions of an Env (#7858) 2021-01-25 22:09:11 -08:00
file_system_tracer.h Use SystemClock* instead of std::shared_ptr<SystemClock> in lower level routines (#8033) 2021-03-15 04:34:11 -07:00
fs_posix.cc Adding safer permissions to PosixFilesystem::NewLogger (#8106) 2021-03-29 20:47:21 -07:00
io_posix.cc Always truncate the latest WAL file on DB Open (#8122) 2021-03-28 10:00:08 -07:00
io_posix.h Add AppendWithVerify and PositionedAppendWithVerify to Env and FileSystem (#7419) 2020-09-23 19:02:26 -07:00
io_posix_test.cc Status check enforcement for io_posix_test and options_settable_test (#6857) 2020-05-19 19:22:28 -07:00
mock_env.cc Always truncate the latest WAL file on DB Open (#8122) 2021-03-28 10:00:08 -07:00
mock_env.h Use SystemClock* instead of std::shared_ptr<SystemClock> in lower level routines (#8033) 2021-03-15 04:34:11 -07:00
mock_env_test.cc Replace namespace name "rocksdb" with ROCKSDB_NAMESPACE (#6433) 2020-02-20 12:09:57 -08:00