-rw-r--r-- | futility/updater_utils.c | 6 | ||||
-rw-r--r-- | host/lib/flashrom.c | 6 |
2 files changed, 12 insertions, 0 deletions
diff --git a/futility/updater_utils.c b/futility/updater_utils.c
index 6e2d358d..e87094b4 100644
--- a/futility/updater_utils.c
+++ b/futility/updater_utils.c
@@ -7,6 +7,8 @@
 #include <assert.h>
 #include <limits.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 #include <unistd.h>
 #include "2common.h"
@@ -697,8 +699,12 @@ const char *create_temp_file(struct tempfile *head)
 struct tempfile *new_temp;
 char new_path[] = P_tmpdir "/fwupdater.XXXXXX";
 int fd;
+ mode_t umask_save;
+ /* Set the umask before mkstemp for security considerations. */
+ umask_save = umask(077);
 fd = mkstemp(new_path);
+ umask(umask_save);
 if (fd < 0) {
 ERROR("Failed to create new temp file in %s\n", new_path);
 return NULL;
diff --git a/host/lib/flashrom.c b/host/lib/flashrom.c
index 10a5fa8c..b1647ae0 100644
--- a/host/lib/flashrom.c
+++ b/host/lib/flashrom.c
@@ -13,6 +13,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 #include <unistd.h>
 #include "2api.h"
@@ -43,11 +45,15 @@ static vb2_error_t write_temp_file(const uint8_t *data, uint32_t data_size,
 ssize_t write_rv;
 vb2_error_t rv;
 char *path;
+ mode_t umask_save;
 *path_out = NULL;
 path = strdup(P_tmpdir "/vb2_flashrom.XXXXXX");
+ /* Set the umask before mkstemp for security considerations. */
+ umask_save = umask(077);
 fd = mkstemp(path);
+ umask(umask_save);
 if (fd < 0) {
 rv = VB2_ERROR_WRITE_FILE_OPEN;
 goto fail; |
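Review bot: In create_temp_file() the new comment `/* Set the umask before mkstemp for security considerations. */` does not name the risk, so a later reader cannot tell whether the umask() pair is still required or safe to drop. I would state the reason, for example `/* Older C libraries created mkstemp() files with mode 0666 & ~umask; force 0600 so other local users cannot open the temp file. */`, with the wording confirmed against the actual motivation for the change. umask() changes process-wide state, so if this code can run while another thread creates files, those files get the 077 mask for the duration of the call; that constraint deserves a line in the comment as well. The same points apply to the identical lines added to write_temp_file() in host/lib/flashrom.c, and both functions continue outside their hunks.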
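Review bot: In write_temp_file() the result of `strdup(P_tmpdir "/vb2_flashrom.XXXXXX")` goes straight into `mkstemp(path)` with only the new umask() lines in between, so an allocation failure turns into a NULL dereference inside mkstemp instead of an error return. A guard placed before `umask_save = umask(077);` would cover it, for example `if (!path) { rv = VB2_ERROR_WRITE_FILE_OPEN; goto fail; }`, using whichever error code the project prefers for allocation failure. This assumes the `fail` label, which is outside the hunk, tolerates a NULL `path`. The function starts and ends outside the hunk, so handling elsewhere cannot be ruled out, but nothing between the strdup and the mkstemp checks the pointer.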