[patch] make sure all uses of mkstemp follow umask

Erik Hovland erik at hovland.org
Thu Jul 20 22:27:01 UTC 2006


Using mkstemp without setting the permission mask with umask potentially
harmful.

Since there are several uses of mkstemp in busybox and none of them use
umask, I made a libbb/umaskmkstemp.c file. That file has a umask() then
mkstemp() call in it called umaskmkstemp(). Then I switched all of the
users of mkstemp to this call instead.

E

-- 
Erik Hovland
mail: erik AT hovland DOT org
web: http://hovland.org/
PGP/GPG public key available on request
-------------- next part --------------
diff -Nurdp -x .svn -x busybox_old busybox-ro/coreutils/dos2unix.c busybox-trunk/coreutils/dos2unix.c
--- busybox-ro/coreutils/dos2unix.c	2006-07-14 16:07:51.102864857 -0700
+++ busybox-trunk/coreutils/dos2unix.c	2006-07-20 14:52:46.476321850 -0700
@@ -42,7 +42,7 @@ static int convert(char *fn)
 		   hold the full path.  However if the output is truncated the
 		   subsequent call to mkstemp would fail.
 		 */
-		if ((i = mkstemp(&bb_common_bufsiz1[0])) == -1
+		if ((i = umaskmkstemp(&bb_common_bufsiz1[0])) == -1
 			|| chmod(bb_common_bufsiz1, 0600) == -1) {
 			bb_perror_nomsg_and_die();
 		}
diff -Nurdp -x .svn -x busybox_old busybox-ro/debianutils/mktemp.c busybox-trunk/debianutils/mktemp.c
--- busybox-ro/debianutils/mktemp.c	2006-07-14 16:07:44.524806765 -0700
+++ busybox-trunk/debianutils/mktemp.c	2006-07-20 14:52:06.170095651 -0700
@@ -28,7 +28,7 @@ int mktemp_main(int argc, char **argv)
 			return EXIT_FAILURE;
 	}
 	else {
-		if (mkstemp(argv[optind]) < 0)
+		if (umaskmkstemp(argv[optind]) < 0)
 			return EXIT_FAILURE;
 	}
 
diff -Nurdp -x .svn -x busybox_old busybox-ro/e2fsprogs/blkid/save.c busybox-trunk/e2fsprogs/blkid/save.c
--- busybox-ro/e2fsprogs/blkid/save.c	2006-07-14 16:07:56.009162328 -0700
+++ busybox-trunk/e2fsprogs/blkid/save.c	2006-07-20 14:52:59.474459838 -0700
@@ -93,7 +93,7 @@ int blkid_flush_cache(blkid_cache cache)
 	if (ret == 0 && S_ISREG(st.st_mode)) {
 		tmp = xmalloc(strlen(filename) + 8);
 		sprintf(tmp, "%s-XXXXXX", filename);
-		fd = mkstemp(tmp);
+		fd = umaskmkstemp(tmp);
 		if (fd >= 0) {
 			file = fdopen(fd, "w");
 			opened = tmp;
diff -Nurdp -x .svn -x busybox_old busybox-ro/editors/sed.c busybox-trunk/editors/sed.c
--- busybox-ro/editors/sed.c	2006-07-14 16:08:08.910315028 -0700
+++ busybox-trunk/editors/sed.c	2006-07-20 14:53:14.592294183 -0700
@@ -1186,7 +1186,7 @@ int sed_main(int argc, char **argv)
 
 						bbg.outname=bb_xstrndup(argv[i],strlen(argv[i])+6);
 						strcat(bbg.outname,"XXXXXX");
-						if(-1==(nonstdoutfd=mkstemp(bbg.outname)))
+						if(-1==(nonstdoutfd=umaskmkstemp(bbg.outname)))
 							bb_error_msg_and_die("no temp file");
 						bbg.nonstdout=fdopen(nonstdoutfd,"w");
 
diff -Nurdp -x .svn -x busybox_old busybox-ro/include/libbb.h busybox-trunk/include/libbb.h
--- busybox-ro/include/libbb.h	2006-07-20 15:07:06.574114598 -0700
+++ busybox-trunk/include/libbb.h	2006-07-20 14:07:45.806862857 -0700
@@ -188,6 +188,7 @@ extern char *itoa(int n);
 extern void xsetgid(gid_t gid);
 extern void xsetuid(uid_t uid);
 extern off_t fdlength(int fd);
+extern int umaskmkstemp(char* path);
 
 #define BB_GETOPT_ERROR 0x80000000UL
 extern const char *bb_opt_complementally;
diff -Nurdp -x .svn -x busybox_old busybox-ro/libbb/umaskmkstemp.c busybox-trunk/libbb/umaskmkstemp.c
--- busybox-ro/libbb/umaskmkstemp.c	1969-12-31 16:00:00.000000000 -0800
+++ busybox-trunk/libbb/umaskmkstemp.c	2006-07-20 14:06:14.108981440 -0700
@@ -0,0 +1,20 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * umaskmkstemp - combines umask and mkstemp so we don't use mkstemp
+ * unsafely.
+ *
+ * Copyright (C) 2006 Erik Hovland
+ *
+ * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include "libbb.h"
+
+int umaskmkstemp(char *path)
+{
+	umask(S_IRWXO | S_IRWXG);
+	return mkstemp(path);
+}
+
diff -Nurdp -x .svn -x busybox_old busybox-ro/shell/msh.c busybox-trunk/shell/msh.c
--- busybox-ro/shell/msh.c	2006-07-14 16:07:47.114435957 -0700
+++ busybox-trunk/shell/msh.c	2006-07-20 14:52:27.194084086 -0700
@@ -5086,7 +5086,7 @@ static void readhere(char **name, char *
 
 	DBGPRINTF7(("READHERE: enter, name=%p, s=%p\n", name, s));
 
-	tf = mkstemp(tname);
+	tf = umaskmkstemp(tname);
 	if (tf < 0)
 		return;
 
@@ -5157,7 +5157,7 @@ static int herein(char *hname, int xdoll
 		char tname[30] = ".msh_XXXXXX";
 		jmp_buf ev;
 
-		tf = mkstemp(tname);
+		tf = umaskmkstemp(tname);
 		if (tf < 0)
 			return (-1);
 		if (newenv(setjmp(errpt = ev)) == 0) {
--- busybox-ro/libbb/Makefile.in	2006-07-14 16:07:55.612219166 -0700
+++ busybox-trunk/libbb/Makefile.in	2006-07-20 15:12:39.559410041 -0700
@@ -35,7 +35,7 @@ LIBBB-y:= \
 	getopt_ulflags.c default_error_retval.c wfopen_input.c speed_table.c \
 	perror_nomsg_and_die.c perror_nomsg.c skip_whitespace.c bb_askpass.c \
 	warn_ignoring_args.c concat_subpath_file.c vfork_daemon_rexec.c \
-	bb_do_delay.c
+	bb_do_delay.c umaskmkstemp.c
 
 # conditionally compiled objects:
 LIBBB-$(CONFIG_FEATURE_MOUNT_LOOP)+= loop.c


More information about the busybox mailing list