Create files with with 000 permissions to avoid leaking yet unchecked data

As we are calculating the check sum while writing we only know the file content is correct after it being written comletely. CVE-2013-6435 (cherry picked from commit 7e26e2bd726f48836be289400c7d82cb8b067dc1)
author: Florian Festi <ffesti@redhat.com> 2015-07-23 11:56:13 +0200
committer: Panu Matilainen <pmatilai@redhat.com> 2016-11-02 10:41:53 +0200
commit: eec854932d50010e4b3c6fb237f37d8f0a93bd23 (patch)
tree: 1c244ca1b0568bc7e26ab52db78007fca881ccd9
parent: b1cb0cb18fc9b98b44f5f7381a2ab4558ae7c0cb (diff)
download: rpm-eec854932d50010e4b3c6fb237f37d8f0a93bd23.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/fsm.c b/lib/fsm.c
index 7ae4747a2..5b6449c72 100644
--- a/lib/fsm.c
+++ b/lib/fsm.c
@@ -215,7 +215,12 @@ static int expandRegular(rpmfi fi, const char *dest, rpmpsm psm, int nodigest, i
     FD_t wfd = NULL;
     int rc = 0;
 
-    wfd = Fopen(dest, "w.ufdio");
+    /* Create the file with 000 permissions. */
+    {
+	mode_t old_umask = umask(0777);
+	wfd = Fopen(dest, "w.ufdio");
+	umask(old_umask);
+    }
     if (Ferror(wfd)) {
 	rc = RPMERR_OPEN_FAILED;
 	goto exit;
author	Florian Festi <ffesti@redhat.com>	2015-07-23 11:56:13 +0200
committer	Panu Matilainen <pmatilai@redhat.com>	2016-11-02 10:41:53 +0200
commit	eec854932d50010e4b3c6fb237f37d8f0a93bd23 (patch)
tree	1c244ca1b0568bc7e26ab52db78007fca881ccd9
parent	b1cb0cb18fc9b98b44f5f7381a2ab4558ae7c0cb (diff)
download	rpm-eec854932d50010e4b3c6fb237f37d8f0a93bd23.tar.gz