Subject: bin/26860: sort creates files with mode 0600
To: None <gnats-bugs@gnats.netbsd.org>
From: None <mlelstv@serpens.de>
List: netbsd-bugs
Date: 09/06/2004 00:39:42
>Number:         26860
>Category:       bin
>Synopsis:       sort creates files with mode 0600
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Sep 05 22:42:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Michael van Elst
>Release:        NetBSD 1.6.2_STABLE
>Organization:
-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."
>Environment:
System: NetBSD pepew 1.6.2_STABLE NetBSD 1.6.2_STABLE (PEPEW) #16: Sun Aug 29 02:03:43 MEST 2004 src@pepew:/amd/fud/d/0/src/sys/arch/i386/compile/PEPEW i386
Architecture: i386
Machine: i386
>Description:
Using the -o option, you can specify an output file to sort that is
used instead of the standard output.

If the file already exists and the pathname does not start with "/dev/"
it will be replaced by a new file with mode 0600. 

The reason is that the output file is created with mkstemp and
then just linked to the chosen name.

The logic that determines whether a file is not to be overwritten
but has to be replaced with a new file is bogus and buggy:

- The second parameter to access() should be F_OK instead of 0.
- The check for /dev/ prefix is supposed to avoid problems with
  special files. This has to be done correctly with lstat().
- This is a means to protect the input data in case someone
  wants to read and write the same file. In this case the
  file mode of the output file should be replicated from the
  input file or should at least honor umask just like a new file.


>How-To-Repeat:
Just run sort -o outfile with an existing outfile outside of /dev/.

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
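
Added example, not part of the original report and not NetBSD's sort(1) source: one way to keep the mkstemp-then-rename replacement the report describes while giving the output file the mode the report asks for. It uses lstat() to detect special files instead of a "/dev/" prefix test, copies the permission bits of an existing regular file, and falls back to 0666 masked by umask for a new file. The names output_plan and write_output are hypothetical, and rename() stands in for the link step.

```c
/* Added example; output_plan() and write_output() are hypothetical names. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Returns 1 if path exists but is not a regular file (device, FIFO, symlink)
 * and must be written in place; 0 if it may be replaced, with *mode set. */
int output_plan(const char *path, mode_t *mode)
{
    struct stat st;
    if (lstat(path, &st) == 0) {
        if (!S_ISREG(st.st_mode))
            return 1;
        *mode = st.st_mode & 0777;    /* replicate the existing permissions */
        return 0;
    }
    mode_t um = umask(0);             /* read the umask, then restore it */
    umask(um);
    *mode = 0666 & ~um;               /* what open(O_CREAT, 0666) would give */
    return 0;
}

/* Write data to path through a mkstemp() file in the same directory.
 * Returns 0 on success, -1 on error. */
int write_output(const char *path, const char *data)
{
    char tmp[1024];
    mode_t mode;
    size_t len = strlen(data);
    if (output_plan(path, &mode)) {   /* special file: no temporary, no rename */
        FILE *f = fopen(path, "w");
        return f && fputs(data, f) >= 0 && fclose(f) == 0 ? 0 : -1;
    }
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    int fd = mkstemp(tmp);            /* always created with mode 0600 */
    if (fd < 0)
        return -1;
    /* fchmod() before rename(): the file never appears under its final name
     * with the temporary 0600 mode. */
    int ok = write(fd, data, len) == (ssize_t)len && fchmod(fd, mode) == 0;
    if (close(fd) != 0 || !ok || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}
```

The replacement file is still a new inode owned by the invoking user, so ownership and hard links to the old file are not preserved.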