diff options
| author | Jarkko Hietaniemi <jhi@iki.fi> | 2014-04-24 12:23:18 -0400 |
|---|---|---|
| committer | Steffen Mueller <smueller@cpan.org> | 2014-05-28 19:27:22 +0200 |
| commit | 60f7fc1ea42054e92f34b4ce9d608efd14357392 (patch) | |
| tree | 28c83d8e07c36a239f75ef63cb66708b503152ed /perl.c | |
| parent | c67159e16ee2c8d23fc3c3a55448ffbda709b3f6 (diff) | |
| download | perl-60f7fc1ea42054e92f34b4ce9d608efd14357392.tar.gz | |
Fix for Coverity perl5 CID 29068: Insecure temporary file (SECURE_TEMP) secure_temp: Calling mkstemp() without securely setting umask first.
The umask used for mkstemp should be secure, but umask 0600 has been
the required umask only since POSIX.1-2008. In glibc 2.06 and earlier
the default was 0666, which is not secure. And no explicit knowledge
of how well non-glibc platforms implement mkstemp. Better err on the
side security, so set the umask temporarily to 0600, and then restore it.
Diffstat (limited to 'perl.c')
| -rw-r--r-- | perl.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -3762,7 +3762,9 @@ S_open_script(pTHX_ const char *scriptname, bool dosearch, bool *suidscript) const char * const err = "Failed to create a fake bit bucket"; if (strEQ(scriptname, BIT_BUCKET)) { #ifdef HAS_MKSTEMP /* Hopefully mkstemp() is safe here. */ + int old_umask = umask(0600); int tmpfd = mkstemp(tmpname); + umask(old_umask); if (tmpfd > -1) { scriptname = tmpname; close(tmpfd); |