re: bin/46500: Permission of created files in lpr.c wrong.

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,henning.petersen%t-online.de@localhost
Subject: re: bin/46500: Permission of created files in lpr.c wrong.
From: matthew green <mrg%eterna.com.au@localhost>
Date: Wed, 30 May 2012 17:35:01 +0000 (UTC)

The following reply was made to PR bin/46500; it has been noted by GNATS.

From: matthew green <mrg%eterna.com.au@localhost>
To: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost,
    gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: re: bin/46500: Permission of created files in lpr.c wrong.
Date: Thu, 31 May 2012 03:30:24 +1000

 > > >Description:
 > > Permission of created files */.seq is wrong.
 > > >How-To-Repeat:
 > > 
 > > >Fix:
 > > diff -u -p -r1.45 lpr.c
 > > --- usr.sbin/lpr/lpr/lpr.c 30 Aug 2011 19:27:37 -0000      1.45
 > > +++ usr.sbin/lpr/lpr/lpr.c 30 May 2012 09:07:55 -0000
 > > @@ -698,7 +698,7 @@ mktemps(void)
 > >  
 > >    (void)snprintf(buf, sizeof(buf), "%s/.seq", SD);
 > >    seteuid(euid);
 > > -  if ((fd = open(buf, O_RDWR|O_CREAT, 0661)) < 0)
 > > +  if ((fd = open(buf, O_RDWR|O_CREAT, 0664)) < 0)
 > >            err(1, "cannot create %s", buf);
 > >    if (flock(fd, LOCK_EX))
 > >            err(1, "cannot lock %s", buf);
 > 
 > what's wrong with this?  your change makes the temp files world
 > readable which seems like a security issue to me.
 
 additionally, this will break lpd as it uses these execute bits
 modes specific meanings.
 
 
 .mrg.

Prev by Date: re: bin/46500: Permission of created files in lpr.c wrong.
Next by Date: Re: lib/46433: tests/lib/libm/t_exp should not use exp() itself
Previous by Thread: re: bin/46500: Permission of created files in lpr.c wrong.
Next by Thread: re: bin/46500: Permission of created files in lpr.c wrong.
Indexes:

Home | Main Index | Thread Index | Old Index