gitea-mirror/git-crypt
1
0
Fork 0
mirror of https://github.com/AGWA/git-crypt.git synced 2026-01-07 10:50:53 -08:00
Code Issues Packages Projects Releases Wiki Activity

Set a safe umask before creating temporary files

Browse Source 
Although glibc's implementation of mkstemp creates temporary files with
a safe (i.e. 0600) mode, POSIX does not mandate any particular mode.  So
to ensure maximum cross-platform safety, we must set a umask of 0077
before calling mkstemp.
This commit is contained in:
Andrew Ayer
2013-01-03 15:20:22 -08:00
parent 42c365c77f
commit d3dcc7da64
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
util.cpp
View File

@@ -24,6 +24,7 @@
#include <cstdlib>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>
#include <fstream>
@@ -82,11 +83,13 @@ void open_tempfile (std::fstream& file, std::ios_base::openmode mode)
char* path = new char[tmpdir_len + 18];
strcpy(path, tmpdir);
strcpy(path + tmpdir_len, "/git-crypt.XXXXXX");
mode_t old_umask = umask(0077);
int fd = mkstemp(path);
if (fd == -1) {
perror("mkstemp");
std::exit(9);
}
umask(old_umask);
file.open(path, mode);
if (!file.is_open()) {
perror("open");