Overly permissive umask for daemons

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.

N/A

N/A

Apache Airflow 竞争条件问题漏洞

Apache Airflow是美国阿帕奇（Apache）基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 2.3.4之前的版本存在安全漏洞，该漏洞源于当运行时带有“--daemon”标志时，会为多个Airflow组件配置一个不安全的权限，这可能会导致在Airflow主目录下给具有全局可写权限的文件带来竞争条件，并允许本地用户通过web服务器公开任意文件内容。

N/A

N/A