-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | doc/posix-functions/mkstemp.texi | 8 | ||||
-rw-r--r-- | m4/mkstemp.m4 | 13 |
3 files changed, 23 insertions, 6 deletions
@@ -1,3 +1,11 @@ +2011-04-27 Reuben Thomas <rrt@sc3d.org> + and Eric Blake <eblake@redhat.com> + + mkstemp: replace if system version uses wrong permissions + * m4/mkstemp.m4 (gl_FUNC_MKSTEMP): Add test for non-owner + read/write mode bits set in file created by mkstemp. + * doc/posix-functions/mkstemp.texi (mkstemp): Document the fix. + 2011-04-27 Eric Blake <eblake@redhat.com> passfd: avoid compiler warning diff --git a/doc/posix-functions/mkstemp.texi b/doc/posix-functions/mkstemp.texi index 5a1e145600..5f62b44bc3 100644 --- a/doc/posix-functions/mkstemp.texi +++ b/doc/posix-functions/mkstemp.texi @@ -15,14 +15,14 @@ mingw. On some platforms (HP-UX 10.20, SunOS 4.1.4, Solaris 2.5.1), mkstemp has a silly limit that it can create no more than 26 files from a given template. On OSF/1 4.0f, it can create only 32 files per process. +@item +On some older platforms, @code{mkstemp} can create a world or group +writable or readable file, if you haven't set the process umask to +077. This is a security risk. @end itemize Portability problems not fixed by Gnulib: @itemize -@item -On platforms other than glibc 2.0.7 or newer, @code{mkstemp} can create a -world or group writable or readable file, if you haven't set the process -umask to 077. This is a security risk. @end itemize The gnulib module clean-temp can create temporary files that are less diff --git a/m4/mkstemp.m4 b/m4/mkstemp.m4 index c5cd2820d1..06187c6c51 100644 --- a/m4/mkstemp.m4 +++ b/m4/mkstemp.m4 @@ -1,4 +1,4 @@ -#serial 19 +#serial 20 # Copyright (C) 2001, 2003-2007, 2009-2011 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation 
@@ -10,6 +10,8 @@ # Other systems lack mkstemp altogether. # On OSF1/Tru64 V4.0F, the system-provided mkstemp function can create # only 32 files per process. +# On some hosts, mkstemp creates files with mode 0666, which is a security +# problem and a violation of POSIX 2008. # On systems like the above, arrange to use the replacement function. AC_DEFUN([gl_FUNC_MKSTEMP], [ @@ -30,6 +32,7 @@ AC_DEFUN([gl_FUNC_MKSTEMP], off_t large = (off_t) 4294967295u; if (large < 0) large = 2147483647; + umask (0); for (i = 0; i < 70; i++) { char templ[] = "conftest.mkstemp/coXXXXXX"; @@ -39,9 +42,15 @@ AC_DEFUN([gl_FUNC_MKSTEMP], result |= 1; else { + struct stat st; if (lseek (fd, large, SEEK_SET) != large) result |= 2; - close (fd); + if (fstat (fd, &st) < 0) + result |= 4; + else if (st.st_mode & 0077) + result |= 8; + if (close (fd)) + result |= 16; } } return result;]])], |
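Review bot: The `umask (0);` added before the loop in the `-30,6 +32,7` hunk has no comment, so it reads like an unsafe setting rather than a deliberate test precondition. I would add `/* Clear the umask so that any group/other bits mkstemp fails to mask itself show up in st_mode. */` directly above it. The call, together with the `fstat` and `struct stat` used in the next hunk, normally needs `<sys/stat.h>`. The include prologue of this test program is outside the hunk, so confirm it provides those declarations on every host where the test runs. The test program's body starts and ends outside this hunk.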
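Review bot: The new result bits `4`, `8` and `16` and the mask `0077` in the `-39,9 +42,15` hunk are undocumented, so a failing configure log gives no hint which check caused mkstemp to be replaced. A short comment before `struct stat st;` would help, for example `/* 4: fstat failed; 8: group/other permission bits set; 16: close failed */`. Bit 16 marks mkstemp as broken when `close` fails, which says nothing about the permissions mkstemp applied. That looks like a deliberately conservative choice, but the comment should say so. The enclosing loop and the rest of the test program start outside the hunk.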