[Rpm-maint] [PATCH] rpmio: Set a umask before using mkstemp()
Mukund Sivaraman
muks at banu.com
Fri Sep 30 10:04:44 UTC 2011
This commit sets a restrictive umask before calling mkstemp().
This is because the permissions of files created by mkstemp() are
not defined in POSIX. Old versions of glibc created files with
mode 0666 which can be a security hole. Because the behavior is
implementation-dependent, we set a umask.
---
rpmio/rpmfileutil.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/rpmio/rpmfileutil.c b/rpmio/rpmfileutil.c
index 4031c18..7c229e6 100644
--- a/rpmio/rpmfileutil.c
+++ b/rpmio/rpmfileutil.c
@@ -17,6 +17,8 @@
#include <sys/mman.h>
#endif
+#include <sys/types.h>
+#include <sys/stat.h>
#include <sys/wait.h>
#include <errno.h>
#include <popt.h>
@@ -237,10 +239,14 @@ exit:
FD_t rpmMkTemp(char *templ)
{
+ mode_t mode;
int sfd;
FD_t tfd = NULL;
+ mode = umask(0077);
sfd = mkstemp(templ);
+ umask(mode);
+
if (sfd < 0) {
goto exit;
}
--
1.7.4.4
More information about the Rpm-maint
mailing list