[patch] make sure all uses of mkstemp follow umask
Erik Hovland
erik at hovland.org
Thu Sep 7 21:37:34 UTC 2006
On Fri, Jul 21, 2006 at 11:33:11AM -0700, Erik Hovland wrote:
> On Fri, Jul 21, 2006 at 08:34:47AM +0200, Tito wrote:
> > On Friday 21 July 2006 00:27, Erik Hovland wrote:
> > > Using mkstemp without setting the permission mask with umask potentially
> > > harmful.
> > >
> > > Since there are several uses of mkstemp in busybox and none of them use
> > > umask, I made a libbb/umaskmkstemp.c file. That file has a umask() then
> > > mkstemp() call in it called umaskmkstemp(). Then I switched all of the
> > > users of mkstemp to this call instead.
> > >
> > > E
> > >
> > Hi,
> > would it not be better to reset the old mask after the mkstemp call?
> >
> > int umaskmkstemp(char *path)
> > {
> > mode_t old_mask = umask(S_IRWXO | S_IRWXG);
> > int ret = mkstemp(path);
> > umask(old_mask);
> > return ret;
> > }
> >
> >
> > Just a thought.
>
> Dang good idea. I will update my patch.
Patch updated and attached.
Thanks
E
--
Erik Hovland
mail: erik AT hovland DOT org
web: http://hovland.org/
PGP/GPG public key available on request
-------------- next part --------------
diff -Nurd -x .svn busybox-ro/coreutils/dos2unix.c busybox-trunk/coreutils/dos2unix.c
--- busybox-ro/coreutils/dos2unix.c 2006-09-07 14:32:29.185602906 -0700
+++ busybox-trunk/coreutils/dos2unix.c 2006-08-16 12:03:00.216498903 -0700
@@ -38,7 +38,7 @@
hold the full path. However if the output is truncated the
subsequent call to mkstemp would fail.
*/
- if ((i = mkstemp(&bb_common_bufsiz1[0])) == -1
+ if ((i = umaskmkstemp(&bb_common_bufsiz1[0])) == -1
|| chmod(bb_common_bufsiz1, 0600) == -1) {
bb_perror_nomsg_and_die();
}
diff -Nurd -x .svn busybox-ro/debianutils/mktemp.c busybox-trunk/debianutils/mktemp.c
--- busybox-ro/debianutils/mktemp.c 2006-07-14 16:07:44.524806765 -0700
+++ busybox-trunk/debianutils/mktemp.c 2006-07-21 16:36:01.537210272 -0700
@@ -28,7 +28,7 @@
return EXIT_FAILURE;
}
else {
- if (mkstemp(argv[optind]) < 0)
+ if (umaskmkstemp(argv[optind]) < 0)
return EXIT_FAILURE;
}
diff -Nurd -x .svn busybox-ro/e2fsprogs/blkid/save.c busybox-trunk/e2fsprogs/blkid/save.c
--- busybox-ro/e2fsprogs/blkid/save.c 2006-07-14 16:07:56.009162328 -0700
+++ busybox-trunk/e2fsprogs/blkid/save.c 2006-07-21 16:36:01.542209556 -0700
@@ -93,7 +93,7 @@
if (ret == 0 && S_ISREG(st.st_mode)) {
tmp = xmalloc(strlen(filename) + 8);
sprintf(tmp, "%s-XXXXXX", filename);
- fd = mkstemp(tmp);
+ fd = umaskmkstemp(tmp);
if (fd >= 0) {
file = fdopen(fd, "w");
opened = tmp;
diff -Nurd -x .svn busybox-ro/editors/sed.c busybox-trunk/editors/sed.c
--- busybox-ro/editors/sed.c 2006-09-07 14:32:31.659248425 -0700
+++ busybox-trunk/editors/sed.c 2006-09-06 13:43:39.208260175 -0700
@@ -1174,7 +1174,7 @@
bbg.outname=xstrndup(argv[i],strlen(argv[i])+6);
strcat(bbg.outname,"XXXXXX");
- if(-1==(nonstdoutfd=mkstemp(bbg.outname)))
+ if(-1==(nonstdoutfd=umaskmkstemp(bbg.outname)))
bb_error_msg_and_die("no temp file");
bbg.nonstdout=fdopen(nonstdoutfd,"w");
diff -Nurd -x .svn busybox-ro/include/libbb.h busybox-trunk/include/libbb.h
--- busybox-ro/include/libbb.h 2006-09-07 14:32:31.094329380 -0700
+++ busybox-trunk/include/libbb.h 2006-09-07 13:39:44.609215672 -0700
@@ -514,6 +514,7 @@
extern const char bb_uuenc_tbl_base64[];
extern const char bb_uuenc_tbl_std[];
extern void bb_uuencode(const unsigned char *s, char *store, const int length, const char *tbl);
+extern int umaskmkstemp(char* path);
#ifndef COMM_LEN
#ifdef TASK_COMM_LEN
diff -Nurd -x .svn busybox-ro/libbb/Makefile.in busybox-trunk/libbb/Makefile.in
--- busybox-ro/libbb/Makefile.in 2006-09-07 14:32:30.003485701 -0700
+++ busybox-trunk/libbb/Makefile.in 2006-09-07 14:34:52.814021397 -0700
@@ -35,7 +35,7 @@
getopt_ulflags.c default_error_retval.c wfopen_input.c speed_table.c \
perror_nomsg_and_die.c perror_nomsg.c skip_whitespace.c bb_askpass.c \
warn_ignoring_args.c concat_subpath_file.c vfork_daemon_rexec.c \
- bb_do_delay.c
+ bb_do_delay.c umaskmkstemp.c
# conditionally compiled objects:
LIBBB-$(CONFIG_FEATURE_MOUNT_LOOP)+= loop.c
diff -Nurd -x .svn busybox-ro/libbb/umaskmkstemp.c busybox-trunk/libbb/umaskmkstemp.c
--- busybox-ro/libbb/umaskmkstemp.c 1969-12-31 16:00:00.000000000 -0800
+++ busybox-trunk/libbb/umaskmkstemp.c 2006-07-25 14:24:19.678357534 -0700
@@ -0,0 +1,22 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * umaskmkstemp - combines umask and mkstemp so we don't use mkstemp
+ * unsafely.
+ *
+ * Copyright (C) 2006 Erik Hovland
+ *
+ * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include "libbb.h"
+
+int umaskmkstemp(char *path)
+{
+ mode_t prevumask = umask(S_IRWXO | S_IRWXG);
+ int tempfd = mkstemp(path);
+ umask(prevumask);
+ return tempfd;
+}
+
diff -Nurd -x .svn busybox-ro/shell/msh.c busybox-trunk/shell/msh.c
--- busybox-ro/shell/msh.c 2006-09-07 14:32:28.617684291 -0700
+++ busybox-trunk/shell/msh.c 2006-08-16 12:02:59.769562856 -0700
@@ -5085,7 +5085,7 @@
DBGPRINTF7(("READHERE: enter, name=%p, s=%p\n", name, s));
- tf = mkstemp(tname);
+ tf = umaskmkstemp(tname);
if (tf < 0)
return;
@@ -5156,7 +5156,7 @@
char tname[30] = ".msh_XXXXXX";
jmp_buf ev;
- tf = mkstemp(tname);
+ tf = umaskmkstemp(tname);
if (tf < 0)
return (-1);
if (newenv(setjmp(errpt = ev)) == 0) {
More information about the busybox
mailing list