Message ID | 50754E8F.90309@net-b.de |
---|---|
State | New |
Headers | show |
On Wed, Oct 10, 2012 at 1:31 PM, Tobias Burnus <burnus@net-b.de> wrote: > Depending on the system mkstemp might create the scratch files with 0666 > permission (e.g. glibc <= 2.06); for security reasons, it should use 0600. > Thus, one is supposed to set a umask before calling the function (see, e.g., > the Linux man page for mkstemp). > > Build and regtested on x86-64-linux. > OK for the trunk? Ok, thanks for the patch. > Is this something one should back port to the branches? By all means, if you have the energy.
diff --git a/libgfortran/io/unix.c b/libgfortran/io/unix.c index 805d4bb..713d54c 100644 --- a/libgfortran/io/unix.c +++ b/libgfortran/io/unix.c @@ -1051,6 +1051,9 @@ tempfile_open (const char *tempdir, char **fname) { int fd; const char *slash = "/"; +#if defined(HAVE_UMASK) && defined(HAVE_MKSTEMP) + mode_t mode_mask; +#endif if (!tempdir) return -1; @@ -1072,8 +1075,17 @@ tempfile_open (const char *tempdir, char **fname) snprintf (template, tempdirlen + 23, "%s%sgfortrantmpXXXXXX", tempdir, slash); +#ifdef HAVE_UMASK + /* Temporarily set the umask such that the file has 0600 permissions. */ + mode_mask = umask (S_IXUSR | S_IRWXG | S_IRWXO); +#endif + fd = mkstemp (template); +#ifdef HAVE_UMASK + (void) umask (mode_mask); +#endif + #else /* HAVE_MKSTEMP */ fd = -1; int count = 0;