> Den Oct 14, 2013 kl. 17:32 skrev Gustavo Sverzut Barbieri > <barbi...@gmail.com>: > > 1 - we have eina_file_mkstemp(), use it.
Ok. > > 2 - eina_file_mkstemp() does not enforce any of umask(), should it? According to some security issues linked from coverity files from mkstemp can have the wrong permissions. Newer glibc does it right, but older doesn't and posix does not say anything about umask. So the Linux man page says the user should set correct umask. > > On Mon, Oct 14, 2013 at 8:23 AM, Sebastian Dransfeld > <sebastian.dransf...@sintef.no> wrote: >> englebass pushed a commit to branch master. >> >> http://git.enlightenment.org/core/efl.git/commit/?id=67a8feeb08e9dd6e58a1fb148a826e781ca5260d >> >> commit 67a8feeb08e9dd6e58a1fb148a826e781ca5260d >> Author: Sebastian Dransfeld <sebastian.dransf...@sintef.no> >> Date: Mon Oct 14 13:19:59 2013 +0200 >> >> efreet: Set umask before creating temp file >> >> CID 1039616 >> --- >> src/bin/efreet/efreet_desktop_cache_create.c | 7 +++++++ >> 1 file changed, 7 insertions(+) >> >> diff --git a/src/bin/efreet/efreet_desktop_cache_create.c >> b/src/bin/efreet/efreet_desktop_cache_create.c >> index 577091f..2fc6e91 100644 >> --- a/src/bin/efreet/efreet_desktop_cache_create.c >> +++ b/src/bin/efreet/efreet_desktop_cache_create.c >> @@ -225,6 +225,7 @@ main(int argc, char **argv) >> int i; >> char file[PATH_MAX] = { '\0' }; >> char util_file[PATH_MAX] = { '\0' }; >> + mode_t um; >> >> if (!eina_init()) goto eina_error; >> _efreet_desktop_cache_log_dom = >> @@ -296,14 +297,20 @@ main(int argc, char **argv) >> >> /* create cache */ >> snprintf(file, sizeof(file), "%s.XXXXXX", efreet_desktop_cache_file()); >> + /* set secure umask for temporary files */ >> + um = umask(0077); >> tmpfd = mkstemp(file); >> + umask(um); >> if (tmpfd < 0) goto error; >> close(tmpfd); >> ef = eet_open(file, EET_FILE_MODE_READ_WRITE); >> if (!ef) goto error; >> >> snprintf(util_file, sizeof(util_file), "%s.XXXXXX", >> efreet_desktop_util_cache_file()); >> + /* set secure umask for temporary files */ >> + um = umask(0077); >> tmpfd = mkstemp(util_file); >> + umask(um); >> if (tmpfd < 0) goto error; >> close(tmpfd); >> util_ef = eet_open(util_file, EET_FILE_MODE_READ_WRITE); >> >> -- > > > > -- > Gustavo Sverzut Barbieri > -------------------------------------- > Mobile: +55 (19) 9225-2202 > Contact: http://www.gustavobarbieri.com.br/contact > > ------------------------------------------------------------------------------ > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk > _______________________________________________ > enlightenment-devel mailing list > enlightenment-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk _______________________________________________ enlightenment-devel mailing list enlightenment-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
