diff options
author | Michael Vogt <mvo@ubuntu.com> | 2014-04-09 10:12:10 +0200 |
---|---|---|
committer | Michael Vogt <mvo@ubuntu.com> | 2014-04-10 08:59:47 +0200 |
commit | f22b65b47990237bd5d9a1c171919c3059fbd9b0 (patch) | |
tree | e22e54c3256554884b1042a2088638207b169ec3 /apt-pkg/contrib | |
parent | 5572f6bdcb947e11f32e2a035438d9d3899ad46d (diff) | |
download | apt-f22b65b47990237bd5d9a1c171919c3059fbd9b0.tar.gz |
Fix insecure file permissions when using FileFd with OpenMode::Atomic
Commit 7335eebea6dd43581d4650a8818b06383ab89901 introduced a bug
that caused FileFd to create insecure permissions when FileFd::Atomic
is used. This commit fixes the permissions and adds a test.
The bug is most likely caused by the confusing "Perm" parameter
that is passed to Open() - its not the file permissions but intead
the "mode" part of open/creat.
Diffstat (limited to 'apt-pkg/contrib')
-rw-r--r-- | apt-pkg/contrib/fileutl.cc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 188bb87e..8b57e87a 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -1067,6 +1067,10 @@ bool FileFd::Open(string FileName,unsigned int const Mode,APT::Configuration::Co if_FLAGGED_SET(Exclusive, O_EXCL); #undef if_FLAGGED_SET + // there is no getumask() so we read it by setting it and reset + mode_t current_umask = umask(0); + umask(current_umask); + if ((Mode & Atomic) == Atomic) { char *name = strdup((FileName + ".XXXXXX").c_str()); @@ -1080,11 +1084,11 @@ bool FileFd::Open(string FileName,unsigned int const Mode,APT::Configuration::Co TemporaryFileName = string(name); free(name); - if(Perms != 600 && fchmod(iFd, Perms) == -1) + if(Perms != 600 && fchmod(iFd, Perms & ~current_umask) == -1) return FileFdErrno("fchmod", "Could not change permissions for temporary file %s", TemporaryFileName.c_str()); } else - iFd = open(FileName.c_str(), fileflags, Perms); + iFd = open(FileName.c_str(), fileflags, Perms & ~current_umask); this->FileName = FileName; if (iFd == -1 || OpenInternDescriptor(Mode, compressor) == false) |