author | Assaf Gordon <assafgordon@gmail.com> | 2019-08-30 14:35:24 -0600 |
---|---|---|
committer | Assaf Gordon <assafgordon@gmail.com> | 2019-09-05 13:10:29 -0600 |
commit | f69b085d3e7011ad6fa1dcf1473879a961fa1605 (patch) | |
tree | 83f7ec84d1ef6c12381574de74286a2eca568387 | |
parent | a9cb52bcf39f0ee307301ac73c11acb24372b9d8 (diff) | |
sed: set correct umask on temporary files

"sed -i" now creates temporary files with correct umask (limited to u=rwx).
Previously sed would incorrectly set umask, and combined with mkostemp
creating file with mode 0600, the result would be a file with
permission mode 0.

Reported by Dr N.W. Filardo <nwf20@cam.ac.uk>:
https://lists.gnu.org/r/sed-devel/2019-08/msg00000.html

"The net effect is that this patch does not do what it says on the tin:
it does not improve the security story at all. Things continue to
function because the subsequent operations are via f*() APIs, which
take the open file handle, and in particular fchmod() will put the
bits back to something sensible.
However, when running atop, for example, fuse-style filesystems which do
not keep open descriptors to underlying files, this is catastrophic:
the underlying file will have I_SRWXU of zero, and so the filesystem
server will be unable to open the file for the fchmod() and that's
the end of that."

"fuse-overlayfs" is an example of a filesystem with such issues.

This change was made in commit 5156c19b23c41f438bf8658e1b9a43a5ff136835
and was released in sed 4.2.1.

* NEWS: Mention change.
* sed/utils.c (ck_mkstemp): Set correct umask.
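
Added example, not part of the sed commit or the sed source: a small C program that creates a temporary file under each of the two umask values and reports the permission bits the file ends up with. It assumes a POSIX system where mkstemp requests mode 0600 (used here in place of sed's mkostemp); the function name and the /tmp path are made up for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a temporary file with the umask set around the create call,
   as ck_mkstemp does, and return the permission bits of the new file,
   or -1 on error.  (Hypothetical helper written for this example.)  */
static int
tmp_mode_under_umask (mode_t mask)
{
  char template[] = "/tmp/umask-demo-XXXXXX";   /* constructed path */
  struct stat st;
  int mode = -1;

  /* Bits set in the umask are the ones REMOVED from the requested mode. */
  mode_t save_umask = umask (mask);
  int fd = mkstemp (template);          /* requests mode 0600 */
  umask (save_umask);
  if (fd == -1)
    return -1;

  /* fstat works on the open descriptor even if the file has mode 0. */
  if (fstat (fd, &st) == 0)
    mode = st.st_mode & 0777;

  close (fd);
  unlink (template);
  return mode;
}

int
main (void)
{
  /* 0600 & ~0700 == 0000: the owner bits are masked away (old value). */
  printf ("umask 0700 -> mode %04o\n",
          (unsigned) tmp_mode_under_umask (0700));
  /* 0600 & ~0077 == 0600: only group/other are masked (fixed value). */
  printf ("umask 0077 -> mode %04o\n",
          (unsigned) tmp_mode_under_umask (0077));
  return 0;
}
```
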
-rw-r--r-- | NEWS | 7 |
-rw-r--r-- | sed/utils.c | 2 |
2 files changed, 8 insertions, 1 deletions
@@ -2,6 +2,13 @@ GNU sed NEWS -*- outline -*- * Noteworthy changes in release ?.? (????-??-??) [?] +** Bug fixes + + "sed -i" now creates temporary files with correct umask (limited to u=rwx). + Previously sed would incorrectly set umask on temporary files, resulting + in problems under certain fuse-like file systems. + [bug introduced in sed 4.2.1] + * Noteworthy changes in release 4.7 (2018-12-20) [stable] diff --git a/sed/utils.c b/sed/utils.c index 4028d98..2e74654 100644 --- a/sed/utils.c +++ b/sed/utils.c @@ -181,7 +181,7 @@ ck_mkstemp (char **p_filename, const char *tmpdir, /* The ownership might change, so omit some permissions at first so unauthorized users cannot nip in before the file is ready. mkstemp forces O_BINARY on cygwin, so use mkostemp instead. */ - mode_t save_umask = umask (0700); + mode_t save_umask = umask (0077); int fd = mkostemp (template, 0); umask (save_umask); if (fd == -1) |
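
Review bot: In the NEWS hunk, the phrase "correct umask (limited to u=rwx)" reads as if the umask itself were u=rwx, which is the 0700 value that sed/utils.c is moving away from; consider saying that temporary files are created with permissions limited to the owner. The entry could also name the symptom given in the commit message (a temporary file with permission mode 0) instead of only "problems under certain fuse-like file systems", so affected users can recognise it.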
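
Review bot: In the sed/utils.c hunk, the comment above the changed umask () call in ck_mkstemp still says only "omit some permissions at first" and does not say which ones; since the old value 0700 cleared the owner bits rather than group and other, add a sentence stating that umask bits are the ones removed and that 0077 leaves only the owner's permissions. The diffstat lists only NEWS and sed/utils.c, so nothing tests this; a check that a file created through ck_mkstemp never ends up with mode 0 would catch a regression.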