From: Christophe CURIS <christophe.cu...@free.fr>
When creating the temporary file that will become the final file if no
problem occurs, there is a chmod done which does not give write access to
the group and to the others, but this is the task of the user-set umask.
This patch makes the rights to everything (except execution, of course) and
still applies the umask, so in the end the file will have the rights that
user wants.
Took the opportunity to make a little change related to the umask: it seems
that some version of mkstemp have a security issue, which is in not a
problem in our use case, but Coverity reports it (#50201) so as it does not
cost anything, the patch also fixes it with an appropriate comment to
explain the situation.
Signed-off-by: Christophe CURIS <christophe.cu...@free.fr>
---
WINGs/proplist.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/WINGs/proplist.c b/WINGs/proplist.c
index 174edbe..28a3ae2 100644
--- a/WINGs/proplist.c
+++ b/WINGs/proplist.c
@@ -1645,13 +1645,22 @@ Bool WMWritePropListToFile(WMPropList * plist, const
char *path)
thePath = wstrconcat(path, ".XXXXXX");
#ifdef HAVE_MKSTEMP
+ /*
+ * We really just want to read the current umask, but as Coverity is
+ * pointing a possible security issue:
+ * some versions of mkstemp do not set file rights properly on the
+ * created file, so it is recommended so set the umask beforehand.
+ * As we need to set an umask to read the current value, we take this
+ * opportunity to set a temporary aggresive umask so Coverity won't
+ * complain, even if we do not really care in the present use case.
+ */
+ mask = umask(S_IRWXG | S_IRWXO);
if ((fd = mkstemp(thePath)) < 0) {
werror(_("mkstemp (%s) failed"), thePath);
goto failure;
}
- mask = umask(0);
umask(mask);
- fchmod(fd, 0644 & ~mask);
+ fchmod(fd, 0666 & ~mask);
if ((theFile = fdopen(fd, "wb")) == NULL) {
close(fd);
}
--
2.1.1
--
To unsubscribe, send mail to wmaker-dev-unsubscr...@lists.windowmaker.org.
