diff options
author | Jack Rosenthal <jrosenth@chromium.org> | 2020-07-16 13:59:41 -0600 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-07-20 19:31:32 +0000 |
commit | cc210abb146b96513d8acc185a64a7d3fee14aec (patch) | |
tree | 64f2a7d0fdd4274053b91ecc9726eefc45d0a2f5 /host | |
parent | ed23c08440dae6657d026a30b504578e03e0426f (diff) | |
download | vboot-cc210abb146b96513d8acc185a64a7d3fee14aec.tar.gz |
flashrom: set umask before creating temporary files
Good security practice. Set to 077; resultant file permissions are:
-rw-------
BUG=b:160717634
BRANCH=none
TEST=unit tests
Change-Id: Ib3b853c824be4c98e7b9ddd31797104ec4ab67a9
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2302962
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Diffstat (limited to 'host')
-rw-r--r-- | host/lib/flashrom.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/host/lib/flashrom.c b/host/lib/flashrom.c index 10a5fa8c..b1647ae0 100644 --- a/host/lib/flashrom.c +++ b/host/lib/flashrom.c @@ -13,6 +13,8 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <sys/stat.h> +#include <sys/types.h> #include <unistd.h> #include "2api.h" @@ -43,11 +45,15 @@ static vb2_error_t write_temp_file(const uint8_t *data, uint32_t data_size, ssize_t write_rv; vb2_error_t rv; char *path; + mode_t umask_save; *path_out = NULL; path = strdup(P_tmpdir "/vb2_flashrom.XXXXXX"); + /* Set the umask before mkstemp for security considerations. */ + umask_save = umask(077); fd = mkstemp(path); + umask(umask_save); if (fd < 0) { rv = VB2_ERROR_WRITE_FILE_OPEN; goto fail; |