From bb16f4fb101f73faa3b6c82a9f61da87b1685c8d Mon Sep 17 00:00:00 2001
From: Cole Helbling <cole.helbling@determinate.systems>
Date: Mon, 24 Jan 2022 11:27:09 -0800
Subject: [PATCH] RunCommand: set umask when creating log paths

This uses the somewhat restrictive umask of 0027 so that people outside
the user or group cannot read the files. This also helps to inhibit
TOCTOU where someone else has a handle to our file before we chmod it
and after we close it.
---
 src/lib/Hydra/Plugin/RunCommand.pm | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/lib/Hydra/Plugin/RunCommand.pm b/src/lib/Hydra/Plugin/RunCommand.pm
index 725f7aaa..084e0dd8 100644
--- a/src/lib/Hydra/Plugin/RunCommand.pm
+++ b/src/lib/Hydra/Plugin/RunCommand.pm
@@ -167,12 +167,16 @@ sub buildFinished {
         my $filename = constructRunCommandLogFilename(sha1_hex($command), $build->get_column('id'));
         my $logPath = constructRunCommandLogPath($filename);
         my $dir = dirname($logPath);
+        my $oldUmask = umask();
 
-        mkdir($dir, oct(755));
+        # file: 640, dir: 750
+        umask(0027);
+        mkdir($dir);
 
         open(my $f, '>', $logPath);
         close($f);
-        chmod(oct(644), $logPath);
+
+        umask($oldUmask);
 
         # Run the command
         system("$command 1>$logpath 2>&1") == 0