From 250eee7acf7eeb3bd6e3142b7988d2be0a3cba22 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Tue, 30 Nov 2021 00:58:15 -0600 Subject: [PATCH] sqlite: Use 0600 The in-tree SQLite3 is used for HDB and ccache -- these should have 0600 permissions. Of course, if we're using an out-of-tree SQLite3, then we need to rely on the process' umask, but we use SQLite3 in libraries, where we can't set the umask... What to do? TBD: - On Windows: nothing to do. - On Unix: if SQLite3 is out of tree then [v]fork() to create the connection then close, then connect again after?? Or... maybe make sure to create an intermediate directory with 0700 permissions? --- lib/sqlite/Makefile.am | 2 +- lib/sqlite/NTMakefile | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/sqlite/Makefile.am b/lib/sqlite/Makefile.am index 772e24f7e..90c1ad910 100644 --- a/lib/sqlite/Makefile.am +++ b/lib/sqlite/Makefile.am @@ -3,7 +3,7 @@ include $(top_srcdir)/Makefile.am.common if ENABLE_PTHREAD_SUPPORT -AM_CPPFLAGS += -DSQLITE_THREADSAFE=1 +AM_CPPFLAGS += -DSQLITE_THREADSAFE=1 -DSQLITE_DEFAULT_FILE_PERMISSIONS=0600 endif AM_CPPFLAGS += -DSQLITE_WITHOUT_ZONEMALLOC=1 diff --git a/lib/sqlite/NTMakefile b/lib/sqlite/NTMakefile index f9e90fb77..ec8d1ebe4 100644 --- a/lib/sqlite/NTMakefile +++ b/lib/sqlite/NTMakefile @@ -37,6 +37,10 @@ INCFILES= \ $(INCDIR)\sqlite3.h \ $(INCDIR)\sqlite3ext.h +# pmode 0600 = _S_IREAD | _S_IWRITE +cdefines = $(cdefines) \ + -DSQLITE_DEFAULT_FILE_PERMISSIONS=0600 + $(LIBSQLITE): $(OBJ)\sqlite3.obj $(LIBCON)
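Review bot: The new `-DSQLITE_DEFAULT_FILE_PERMISSIONS=0600` is appended to the `AM_CPPFLAGS` line inside `if ENABLE_PTHREAD_SUPPORT`, so a build configured without pthread support compiles the in-tree SQLite without it. Such a build keeps SQLite's stock default of 0644, and HDB and ccache databases stay readable by group and others, subject to umask. The define has nothing to do with thread safety and should be unconditional: leave the conditional line as it was and add `AM_CPPFLAGS += -DSQLITE_DEFAULT_FILE_PERMISSIONS=0600` after `endif`. The macro only applies when SQLite creates a file, so databases that already exist keep their current mode, which is worth stating in the commit message.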
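Review bot: The comment `# pmode 0600 = _S_IREAD | _S_IWRITE` in the NTMakefile hunk implies that this define restricts access to the database file on Windows. SQLITE_DEFAULT_FILE_PERMISSIONS is documented as the creation mode used by SQLite's Unix VFS, and the commit message itself says there is nothing to do on Windows. As far as I can tell the Windows VFS does not consult the macro, so the define is harmless but gives no protection there; access depends on the ACL the file inherits from its directory. I would drop the hunk or reword the comment so it does not overstate the effect, for example `# Kept for parity with Makefile.am; no effect on the Windows VFS, access is governed by directory ACLs`.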