[patch] make sure all uses of mkstemp follow umask
Erik Hovland
erik at hovland.org
Thu Jul 20 22:27:01 UTC 2006
Using mkstemp without setting the permission mask with umask potentially
harmful.
Since there are several uses of mkstemp in busybox and none of them use
umask, I made a libbb/umaskmkstemp.c file. That file has a umask() then
mkstemp() call in it called umaskmkstemp(). Then I switched all of the
users of mkstemp to this call instead.
E
--
Erik Hovland
mail: erik AT hovland DOT org
web: http://hovland.org/
PGP/GPG public key available on request
-------------- next part --------------
diff -Nurdp -x .svn -x busybox_old busybox-ro/coreutils/dos2unix.c busybox-trunk/coreutils/dos2unix.c
--- busybox-ro/coreutils/dos2unix.c 2006-07-14 16:07:51.102864857 -0700
+++ busybox-trunk/coreutils/dos2unix.c 2006-07-20 14:52:46.476321850 -0700
@@ -42,7 +42,7 @@ static int convert(char *fn)
hold the full path. However if the output is truncated the
subsequent call to mkstemp would fail.
*/
- if ((i = mkstemp(&bb_common_bufsiz1[0])) == -1
+ if ((i = umaskmkstemp(&bb_common_bufsiz1[0])) == -1
|| chmod(bb_common_bufsiz1, 0600) == -1) {
bb_perror_nomsg_and_die();
}
diff -Nurdp -x .svn -x busybox_old busybox-ro/debianutils/mktemp.c busybox-trunk/debianutils/mktemp.c
--- busybox-ro/debianutils/mktemp.c 2006-07-14 16:07:44.524806765 -0700
+++ busybox-trunk/debianutils/mktemp.c 2006-07-20 14:52:06.170095651 -0700
@@ -28,7 +28,7 @@ int mktemp_main(int argc, char **argv)
return EXIT_FAILURE;
}
else {
- if (mkstemp(argv[optind]) < 0)
+ if (umaskmkstemp(argv[optind]) < 0)
return EXIT_FAILURE;
}
diff -Nurdp -x .svn -x busybox_old busybox-ro/e2fsprogs/blkid/save.c busybox-trunk/e2fsprogs/blkid/save.c
--- busybox-ro/e2fsprogs/blkid/save.c 2006-07-14 16:07:56.009162328 -0700
+++ busybox-trunk/e2fsprogs/blkid/save.c 2006-07-20 14:52:59.474459838 -0700
@@ -93,7 +93,7 @@ int blkid_flush_cache(blkid_cache cache)
if (ret == 0 && S_ISREG(st.st_mode)) {
tmp = xmalloc(strlen(filename) + 8);
sprintf(tmp, "%s-XXXXXX", filename);
- fd = mkstemp(tmp);
+ fd = umaskmkstemp(tmp);
if (fd >= 0) {
file = fdopen(fd, "w");
opened = tmp;
diff -Nurdp -x .svn -x busybox_old busybox-ro/editors/sed.c busybox-trunk/editors/sed.c
--- busybox-ro/editors/sed.c 2006-07-14 16:08:08.910315028 -0700
+++ busybox-trunk/editors/sed.c 2006-07-20 14:53:14.592294183 -0700
@@ -1186,7 +1186,7 @@ int sed_main(int argc, char **argv)
bbg.outname=bb_xstrndup(argv[i],strlen(argv[i])+6);
strcat(bbg.outname,"XXXXXX");
- if(-1==(nonstdoutfd=mkstemp(bbg.outname)))
+ if(-1==(nonstdoutfd=umaskmkstemp(bbg.outname)))
bb_error_msg_and_die("no temp file");
bbg.nonstdout=fdopen(nonstdoutfd,"w");
diff -Nurdp -x .svn -x busybox_old busybox-ro/include/libbb.h busybox-trunk/include/libbb.h
--- busybox-ro/include/libbb.h 2006-07-20 15:07:06.574114598 -0700
+++ busybox-trunk/include/libbb.h 2006-07-20 14:07:45.806862857 -0700
@@ -188,6 +188,7 @@ extern char *itoa(int n);
extern void xsetgid(gid_t gid);
extern void xsetuid(uid_t uid);
extern off_t fdlength(int fd);
+extern int umaskmkstemp(char* path);
#define BB_GETOPT_ERROR 0x80000000UL
extern const char *bb_opt_complementally;
diff -Nurdp -x .svn -x busybox_old busybox-ro/libbb/umaskmkstemp.c busybox-trunk/libbb/umaskmkstemp.c
--- busybox-ro/libbb/umaskmkstemp.c 1969-12-31 16:00:00.000000000 -0800
+++ busybox-trunk/libbb/umaskmkstemp.c 2006-07-20 14:06:14.108981440 -0700
@@ -0,0 +1,20 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * umaskmkstemp - combines umask and mkstemp so we don't use mkstemp
+ * unsafely.
+ *
+ * Copyright (C) 2006 Erik Hovland
+ *
+ * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include "libbb.h"
+
+int umaskmkstemp(char *path)
+{
+ umask(S_IRWXO | S_IRWXG);
+ return mkstemp(path);
+}
+
diff -Nurdp -x .svn -x busybox_old busybox-ro/shell/msh.c busybox-trunk/shell/msh.c
--- busybox-ro/shell/msh.c 2006-07-14 16:07:47.114435957 -0700
+++ busybox-trunk/shell/msh.c 2006-07-20 14:52:27.194084086 -0700
@@ -5086,7 +5086,7 @@ static void readhere(char **name, char *
DBGPRINTF7(("READHERE: enter, name=%p, s=%p\n", name, s));
- tf = mkstemp(tname);
+ tf = umaskmkstemp(tname);
if (tf < 0)
return;
@@ -5157,7 +5157,7 @@ static int herein(char *hname, int xdoll
char tname[30] = ".msh_XXXXXX";
jmp_buf ev;
- tf = mkstemp(tname);
+ tf = umaskmkstemp(tname);
if (tf < 0)
return (-1);
if (newenv(setjmp(errpt = ev)) == 0) {
--- busybox-ro/libbb/Makefile.in 2006-07-14 16:07:55.612219166 -0700
+++ busybox-trunk/libbb/Makefile.in 2006-07-20 15:12:39.559410041 -0700
@@ -35,7 +35,7 @@ LIBBB-y:= \
getopt_ulflags.c default_error_retval.c wfopen_input.c speed_table.c \
perror_nomsg_and_die.c perror_nomsg.c skip_whitespace.c bb_askpass.c \
warn_ignoring_args.c concat_subpath_file.c vfork_daemon_rexec.c \
- bb_do_delay.c
+ bb_do_delay.c umaskmkstemp.c
# conditionally compiled objects:
LIBBB-$(CONFIG_FEATURE_MOUNT_LOOP)+= loop.c
More information about the busybox
mailing list