diff options
author | Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> | 2020-11-24 16:41:01 +0100 |
---|---|---|
committer | Jes Sorensen <jsorensen@fb.com> | 2020-11-25 18:09:03 -0500 |
commit | ca4b156b2059ee00a9143313267ee4a098967d76 (patch) | |
tree | bc17b93830fc65fa33473449d65cc4f05ae84e7c | |
parent | b65c1f4a2340e24ae00babc4399fb4030ff99517 (diff) | |
download | mdadm-ca4b156b2059ee00a9143313267ee4a098967d76.tar.gz |
Monitor: don't use default modes when creating a file
Replace fopen() calls by open() with creation mode directly specified.
This fixes the potential security issue. Use octal values instead masks.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
-rw-r--r-- | Monitor.c | 17 |
1 files changed, 12 insertions, 5 deletions
@@ -305,8 +305,11 @@ static int make_daemon(char *pidfile) if (!pidfile) printf("%d\n", pid); else { - FILE *pid_file; - pid_file=fopen(pidfile, "w"); + FILE *pid_file = NULL; + int fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC, + 0644); + if (fd >= 0) + pid_file = fdopen(fd, "w"); if (!pid_file) perror("cannot create pid file"); else { @@ -368,13 +371,17 @@ static void write_autorebuild_pid() { char path[PATH_MAX]; int pid; - FILE *fp; + FILE *fp = NULL; sprintf(path, "%s/autorebuild.pid", MDMON_DIR); - if (mkdir(MDMON_DIR, S_IRWXU) < 0 && errno != EEXIST) { + if (mkdir(MDMON_DIR, 0700) < 0 && errno != EEXIST) { pr_err("Can't create autorebuild.pid file\n"); } else { - fp = fopen(path, "w"); + int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0700); + + if (fd >= 0) + fp = fdopen(fd, "w"); + if (!fp) pr_err("Can't create autorebuild.pid file\n"); else { |