Set secure file permissions for temporary file

From glibc mkstemp man page:
       In glibc versions 2.06 and earlier, the file is created with
       permissions 0666, that is, read and write for all users.  This old
       behavior may be a security risk, especially since other UNIX flavors
       use 0600, and somebody might overlook this detail when porting
       programs.  POSIX.1-2008 adds a requirement that the file be created
       with mode 0600.

       More generally, the POSIX specification of mkstemp() does not say
       anything about file modes, so the application should make sure its
       file mode creation mask (see umask(2)) is set appropriately before
       calling mkstemp() (and mkostemp()).

And:
	http://cwe.mitre.org/data/definitions/377.html

diff --git a/src/lib/eina/eina_file_common.c b/src/lib/eina/eina_file_common.c
index ec9cac8..9a222c2 100644 (file)
--- a/src/lib/eina/eina_file_common.c
+++ b/src/lib/eina/eina_file_common.c
@@ -869,6 +869,7 @@ eina_file_mkstemp(const char *templatename, Eina_Tmpstr **path)
    char buffer[PATH_MAX];
    const char *tmpdir;
    int fd;
+   mode_t old_umask;
 
 #ifndef HAVE_EVIL
    tmpdir = getenv("TMPDIR");
@@ -877,7 +878,13 @@ eina_file_mkstemp(const char *templatename, Eina_Tmpstr **path)
    tmpdir = (char *)evil_tmpdir_get();
 #endif /* ! HAVE_EVIL */
 
+   /* 
+    * Make sure temp file is created with secure permissions,
+    * http://man7.org/linux/man-pages/man3/mkstemp.3.html#NOTES
+    */
+   old_umask = umask(0077);
    snprintf(buffer, PATH_MAX, "%s/%s", tmpdir, templatename);
+   umask(old_umask);
 
    fd = mkstemp(buffer);
    if (path) *path = eina_tmpstr_add(buffer);