flashrom: set umask before creating temporary files

Good security practice.  Set to 077; resultant file permissions are:
  -rw-------

BUG=b:160717634
BRANCH=none
TEST=unit tests

Change-Id: Ib3b853c824be4c98e7b9ddd31797104ec4ab67a9
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2302962
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>

2 files changed, 12 insertions, 0 deletions

diff --git a/futility/updater_utils.c b/futility/updater_utils.c
index 6e2d358d..e87094b4 100644
--- a/futility/updater_utils.c
+++ b/futility/updater_utils.c
@@ -7,6 +7,8 @@
 
 #include <assert.h>
 #include <limits.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 #include <unistd.h>
 
 #include "2common.h"
@@ -697,8 +699,12 @@ const char *create_temp_file(struct tempfile *head)
 	struct tempfile *new_temp;
 	char new_path[] = P_tmpdir "/fwupdater.XXXXXX";
 	int fd;
+	mode_t umask_save;
 
+	/* Set the umask before mkstemp for security considerations. */
+	umask_save = umask(077);
 	fd = mkstemp(new_path);
+	umask(umask_save);
 	if (fd < 0) {
 		ERROR("Failed to create new temp file in %s\n", new_path);
 		return NULL;
diff --git a/host/lib/flashrom.c b/host/lib/flashrom.c
index 10a5fa8c..b1647ae0 100644
--- a/host/lib/flashrom.c
+++ b/host/lib/flashrom.c
@@ -13,6 +13,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 #include <unistd.h>
 
 #include "2api.h"
@@ -43,11 +45,15 @@ static vb2_error_t write_temp_file(const uint8_t *data, uint32_t data_size,
 	ssize_t write_rv;
 	vb2_error_t rv;
 	char *path;
+	mode_t umask_save;
 
 	*path_out = NULL;
 	path = strdup(P_tmpdir "/vb2_flashrom.XXXXXX");
 
+	/* Set the umask before mkstemp for security considerations. */
+	umask_save = umask(077);
 	fd = mkstemp(path);
+	umask(umask_save);
 	if (fd < 0) {
 		rv = VB2_ERROR_WRITE_FILE_OPEN;
 		goto fail;