authorJack Rosenthal <jrosenth@chromium.org>2020-07-16 13:59:41 -0600
committerCommit Bot <commit-bot@chromium.org>2020-07-20 19:31:32 +0000
commitcc210abb146b96513d8acc185a64a7d3fee14aec (patch)
tree64f2a7d0fdd4274053b91ecc9726eefc45d0a2f5 /futility/updater_utils.c
parented23c08440dae6657d026a30b504578e03e0426f (diff)
flashrom: set umask before creating temporary files
Good security practice. Set to 077; resultant file permissions are: -rw------- BUG=b:160717634 BRANCH=none TEST=unit tests Change-Id: Ib3b853c824be4c98e7b9ddd31797104ec4ab67a9 Signed-off-by: Jack Rosenthal <jrosenth@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2302962 Reviewed-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Diffstat (limited to 'futility/updater_utils.c')
-rw-r--r--futility/updater_utils.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/futility/updater_utils.c b/futility/updater_utils.c
index 6e2d358d..e87094b4 100644
--- a/futility/updater_utils.c
+++ b/futility/updater_utils.c
@@ -7,6 +7,8 @@
#include <assert.h>
#include <limits.h>
+#include <sys/stat.h>
+#include <sys/types.h>
#include <unistd.h>
#include "2common.h"
@@ -697,8 +699,12 @@ const char *create_temp_file(struct tempfile *head)
struct tempfile *new_temp;
char new_path[] = P_tmpdir "/fwupdater.XXXXXX";
int fd;
+ mode_t umask_save;
+ /* Set the umask before mkstemp for security considerations. */
+ umask_save = umask(077);
fd = mkstemp(new_path);
+ umask(umask_save);
if (fd < 0) {
ERROR("Failed to create new temp file in %s\n", new_path);
return NULL;
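Review bot: The comment above the added `umask(077)` call in create_temp_file says only "for security considerations", so a later reader cannot tell what the call guards against or whether it is safe to remove. POSIX.1-2008 already requires mkstemp() to create the file with mode 0600, so the umask only matters on older C libraries that created it 0666 masked by the umask. The umask is also process-wide, so any other thread creating a file between the two umask() calls would get the restrictive mask; that is harmless if the updater is single-threaded here, which the hunk does not show. I would reword the comment to something like `/* Older libcs create mkstemp() files 0666 & ~umask; force 0600. umask is process-wide, so not thread-safe. */`. The function body continues past the end of the hunk, so how fd and new_path are used afterwards is not visible.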