diff options
| author |   martijn <martijn@openbsd.org> | 2019-04-26 06:33:29 +0000 |
|---|---|---|
| committer | martijn <martijn@openbsd.org> | 2019-04-26 06:33:29 +0000 |
| commit | 01e8f378cfc2c9c54729ba8f77e258e612d84c8b (patch) | |
| tree | f54a05a9aecb2322b52b5f28dc7894cf3939556e /lib/libc | |
| parent | check owner and permission of download directory (diff) | |
| download | wireguard-openbsd-01e8f378cfc2c9c54729ba8f77e258e612d84c8b.tar.xz wireguard-openbsd-01e8f378cfc2c9c54729ba8f77e258e612d84c8b.zip | |
Undo changes to tmpfile.c r1.5.
Doing the fchown call causes pledge("tmppath") to be insufficient and the
the umask dance may cause race-conditions in multithreaded applications.
Also POSIX states the following nowadays:
implementations may restrict the permissions, either by clearing the file
mode bits or setting them to the value S_IRUSR | S_IWUSR.
Encouraging words from tedu@
Standards verification and OK millert@
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/stdio/tmpfile.c | 18 | ||||
| -rw-r--r-- | lib/libc/stdio/tmpnam.3 | 13 |
2 files changed, 5 insertions, 26 deletions
diff --git a/lib/libc/stdio/tmpfile.c b/lib/libc/stdio/tmpfile.c index 6ee28caf0f6..555404f45b7 100644 --- a/lib/libc/stdio/tmpfile.c +++ b/lib/libc/stdio/tmpfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tmpfile.c,v 1.11 2015/08/31 02:53:57 guenther Exp $ */ +/* $OpenBSD: tmpfile.c,v 1.12 2019/04/26 06:33:29 martijn Exp $ */ /*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. @@ -31,8 +31,6 @@ * SUCH DAMAGE. */ -#include <sys/types.h> -#include <sys/stat.h> #include <unistd.h> #include <signal.h> #include <errno.h> @@ -47,24 +45,14 @@ tmpfile(void) sigset_t set, oset; FILE *fp; int fd, sverrno; -#define TRAILER "tmp.XXXXXXXXXX" - char buf[sizeof(_PATH_TMP) + sizeof(TRAILER)]; - - (void)memcpy(buf, _PATH_TMP, sizeof(_PATH_TMP) - 1); - (void)memcpy(buf + sizeof(_PATH_TMP) - 1, TRAILER, sizeof(TRAILER)); + char buf[] = _PATH_TMP "tmp.XXXXXXXXXX"; sigfillset(&set); (void)sigprocmask(SIG_BLOCK, &set, &oset); fd = mkstemp(buf); - if (fd != -1) { - mode_t u; - + if (fd != -1) (void)unlink(buf); - u = umask(0); - (void)umask(u); - (void)fchmod(fd, 0666 & ~u); - } (void)sigprocmask(SIG_SETMASK, &oset, NULL); diff --git a/lib/libc/stdio/tmpnam.3 b/lib/libc/stdio/tmpnam.3 index ab969a9a61f..5a374d6e1ac 100644 --- a/lib/libc/stdio/tmpnam.3 +++ b/lib/libc/stdio/tmpnam.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tmpnam.3,v 1.21 2015/02/28 21:51:57 bentley Exp $ +.\" $OpenBSD: tmpnam.3,v 1.22 2019/04/26 06:33:29 martijn Exp $ .\" .\" Copyright (c) 1988, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -31,7 +31,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: February 28 2015 $ +.Dd $Mdocdate: April 26 2019 $ .Dt TMPFILE 3 .Os .Sh NAME @@ -57,15 +57,6 @@ The created file is unlinked before .Fn tmpfile returns, causing the file to be automatically deleted when the last reference to it is closed. -Since -.Xr mkstemp 3 -creates the file with mode -.Dv S_IRUSR | S_IWUSR , -after the unlink, -.Xr fchown 2 -and -.Xr umask 2 -are used to set the file mode to the expected value. The file is opened with the access value .Ql w+ . .Pp |