From: Sebastian Dransfeld Date: Wed, 16 Oct 2013 02:28:53 +0000 (+0200) Subject: Set secure file permissions for temporary file X-Git-Tag: submit/devel/efl/20131029.075644~55 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7576ff00f3e014db84ae1a044ae60a78c2222c31;p=platform%2Fupstream%2Fefl.git Set secure file permissions for temporary file From glibc mkstemp man page: In glibc versions 2.06 and earlier, the file is created with permissions 0666, that is, read and write for all users. This old behavior may be a security risk, especially since other UNIX flavors use 0600, and somebody might overlook this detail when porting programs. POSIX.1-2008 adds a requirement that the file be created with mode 0600. More generally, the POSIX specification of mkstemp() does not say anything about file modes, so the application should make sure its file mode creation mask (see umask(2)) is set appropriately before calling mkstemp() (and mkostemp()). And: http://cwe.mitre.org/data/definitions/377.html --- diff --git a/src/lib/eina/eina_file_common.c b/src/lib/eina/eina_file_common.c index ec9cac8..9a222c2 100644 --- a/src/lib/eina/eina_file_common.c +++ b/src/lib/eina/eina_file_common.c @@ -869,6 +869,7 @@ eina_file_mkstemp(const char *templatename, Eina_Tmpstr **path) char buffer[PATH_MAX]; const char *tmpdir; int fd; + mode_t old_umask; #ifndef HAVE_EVIL tmpdir = getenv("TMPDIR"); @@ -877,7 +878,13 @@ eina_file_mkstemp(const char *templatename, Eina_Tmpstr **path) tmpdir = (char *)evil_tmpdir_get(); #endif /* ! HAVE_EVIL */ + /* + * Make sure temp file is created with secure permissions, + * http://man7.org/linux/man-pages/man3/mkstemp.3.html#NOTES + */ + old_umask = umask(0077); snprintf(buffer, PATH_MAX, "%s/%s", tmpdir, templatename); + umask(old_umask); fd = mkstemp(buffer); if (path) *path = eina_tmpstr_add(buffer);