Set secure file permissions for temporary file

From glibc mkstemp man page:
       In glibc versions 2.06 and earlier, the file is created with
       permissions 0666, that is, read and write for all users.  This old
       behavior may be a security risk, especially since other UNIX flavors
       use 0600, and somebody might overlook this detail when porting
       programs.  POSIX.1-2008 adds a requirement that the file be created
       with mode 0600.

       More generally, the POSIX specification of mkstemp() does not say
       anything about file modes, so the application should make sure its
       file mode creation mask (see umask(2)) is set appropriately before
       calling mkstemp() (and mkostemp()).

And:
	http://cwe.mitre.org/data/definitions/377.html

diff --git a/src/lib/eina/eina_file_common.c b/src/lib/eina/eina_file_common.c
index ec9cac8a6eb8dd1dd7f698aec584eaf37becd00f..9a222c2b4743140816755c9254363d392f119ad4 100644 (file)
--- a/src/lib/eina/eina_file_common.c
+++ b/src/lib/eina/eina_file_common.c
@@ -869,6 +869,7 @@ eina_file_mkstemp(const char *templatename, Eina_Tmpstr **path)
    char buffer[PATH_MAX];
    const char *tmpdir;
    int fd;
+   mode_t old_umask;
 
 #ifndef HAVE_EVIL
    tmpdir = getenv("TMPDIR");
@@ -877,7 +878,13 @@ eina_file_mkstemp(const char *templatename, Eina_Tmpstr **path)
    tmpdir = (char *)evil_tmpdir_get();
 #endif /* ! HAVE_EVIL */
 
+   /* 
+    * Make sure temp file is created with secure permissions,
+    * http://man7.org/linux/man-pages/man3/mkstemp.3.html#NOTES
+    */
+   old_umask = umask(0077);
    snprintf(buffer, PATH_MAX, "%s/%s", tmpdir, templatename);
+   umask(old_umask);
 
    fd = mkstemp(buffer);
    if (path) *path = eina_tmpstr_add(buffer);