From afdfbe5594be5a0a61943de10cc5671ac53cbf79 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 21 Jul 2015 08:44:06 +0200
Subject: [PATCH] mask world r and group wx permissions in vdisk_alloc

Avoid world-readable disk files being created as suggested
in #416 by setting an umask to strip world permissions as
well as group write/exec permissions before calling
alloc_image.
---
 PVE/Storage.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index 0452a2d..8f81aeb 100755
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -587,7 +587,11 @@ sub vdisk_alloc {
 
     # lock shared storage
     return $plugin->cluster_lock_storage($storeid, $scfg->{shared}, undef, sub {
-	my $volname = $plugin->alloc_image($storeid, $scfg, $vmid, $fmt, $name, $size);
+	my $old_umask = umask(umask|0037);
+	my $volname = eval { $plugin->alloc_image($storeid, $scfg, $vmid, $fmt, $name, $size) };
+	my $err = $@;
+	umask $old_umask;
+	die $err if $err;
 	return "$storeid:$volname";
     });
 }
-- 
2.39.2