re: bin/46500: Permission of created files in lpr.c wrong.

[matthew green <mrg%eterna.com.au@localhost>]

The following reply was made to PR bin/46500; it has been noted by GNATS.

From: matthew green <mrg%eterna.com.au@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: re: bin/46500: Permission of created files in lpr.c wrong.
Date: Thu, 31 May 2012 03:03:33 +1000

 > >Number:         46500
 > >Category:       bin
 > >Synopsis:       Permission of created files in lpr.c wrong.
 > >Confidential:   no
 > >Severity:       serious
 > >Priority:       medium
 > >Responsible:    bin-bug-people
 > >State:          open
 > >Class:          sw-bug
 > >Submitter-Id:   net
 > >Arrival-Date:   Wed May 30 10:50:00 +0000 2012
 > >Originator:     Henning Petersen
 > >Release:        NetBSD-current
 > >Organization:
 > >Environment:
 > >Description:
 > Permission of created files */.seq is wrong.
 > >How-To-Repeat:
 > 
 > >Fix:
 > diff -u -p -r1.45 lpr.c
 > --- usr.sbin/lpr/lpr/lpr.c   30 Aug 2011 19:27:37 -0000      1.45
 > +++ usr.sbin/lpr/lpr/lpr.c   30 May 2012 09:07:55 -0000
 > @@ -698,7 +698,7 @@ mktemps(void)
 >  
 >      (void)snprintf(buf, sizeof(buf), "%s/.seq", SD);
 >      seteuid(euid);
 > -    if ((fd = open(buf, O_RDWR|O_CREAT, 0661)) < 0)
 > +    if ((fd = open(buf, O_RDWR|O_CREAT, 0664)) < 0)
 >              err(1, "cannot create %s", buf);
 >      if (flock(fd, LOCK_EX))
 >              err(1, "cannot lock %s", buf);
 
 what's wrong with this?  your change makes the temp files world
 readable which seems like a security issue to me.
 
 
 .mrg.