orccodemem: mask group/other bits for temporary file

Ensures another user can't inject code into your process when winning a race with the ORC temp file code. Coverity 1147013
author: Vincent Penquerc'h <vincent.penquerch@collabora.co.uk> 2014-04-17 09:16:46 +0100
committer: Vincent Penquerc'h <vincent.penquerch@collabora.co.uk> 2014-04-17 09:16:46 +0100
commit: e9f4f44f129aedad37b8b441831406181fb91271 (patch)
tree: 96992a08b9d3a9539aab28d0e0dc599932c078ee
parent: 2d646b423b8b6394bcde5c680c685d1e09af1ee7 (diff)
download: orc-e9f4f44f129aedad37b8b441831406181fb91271.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/orc/orccodemem.c b/orc/orccodemem.c
index b28a4ed..2c93f77 100644
--- a/orc/orccodemem.c
+++ b/orc/orccodemem.c
@@ -198,11 +198,14 @@ orc_code_region_allocate_codemem_dual_map (OrcCodeRegion *region,
   int fd;
   int n;
   char *filename;
+  mode_t mask;
 
   filename = malloc (strlen ("/orcexec..") +
       strlen (dir) + 6 + 1);
   sprintf(filename, "%s/orcexec.XXXXXX", dir);
+  mask = umask (0066);
   fd = mkstemp (filename);
+  umask (mask);
   if (fd == -1) {
     ORC_WARNING ("failed to create temp file");
     free (filename);
author	Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>	2014-04-17 09:16:46 +0100
committer	Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>	2014-04-17 09:16:46 +0100
commit	e9f4f44f129aedad37b8b441831406181fb91271 (patch)
tree	96992a08b9d3a9539aab28d0e0dc599932c078ee
parent	2d646b423b8b6394bcde5c680c685d1e09af1ee7 (diff)
download	orc-e9f4f44f129aedad37b8b441831406181fb91271.tar.gz