[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
re: bin/46500: Permission of created files in lpr.c wrong.
The following reply was made to PR bin/46500; it has been noted by GNATS.
From: matthew green <mrg%eterna.com.au@localhost>
To: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost,
Subject: re: bin/46500: Permission of created files in lpr.c wrong.
Date: Thu, 31 May 2012 03:30:24 +1000
> > >Description:
> > Permission of created files */.seq is wrong.
> > >How-To-Repeat:
> > >Fix:
> > diff -u -p -r1.45 lpr.c
> > --- usr.sbin/lpr/lpr/lpr.c 30 Aug 2011 19:27:37 -0000 1.45
> > +++ usr.sbin/lpr/lpr/lpr.c 30 May 2012 09:07:55 -0000
> > @@ -698,7 +698,7 @@ mktemps(void)
> > (void)snprintf(buf, sizeof(buf), "%s/.seq", SD);
> > seteuid(euid);
> > - if ((fd = open(buf, O_RDWR|O_CREAT, 0661)) < 0)
> > + if ((fd = open(buf, O_RDWR|O_CREAT, 0664)) < 0)
> > err(1, "cannot create %s", buf);
> > if (flock(fd, LOCK_EX))
> > err(1, "cannot lock %s", buf);
> what's wrong with this? your change makes the temp files world
> readable which seems like a security issue to me.
additionally, this will break lpd as it uses these execute bits
modes specific meanings.
Main Index |
Thread Index |