bughz/tinyproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add more calls to umask() before mkstemp()

Browse Source
This commit is contained in:
Mukund Sivaraman 2008-08-24 11:47:50 +05:30
parent 82cd6c765b
commit fadb98ee55
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/child.c
View File

@ -78,6 +78,11 @@ _child_lock_init(void)
{ {
char lock_file[] = "/tmp/tinyproxy.servers.lock.XXXXXX"; char lock_file[] = "/tmp/tinyproxy.servers.lock.XXXXXX";
/* Only allow u+rw bits. This may be required for some versions
* of glibc so that mkstemp() doesn't make us vulnerable.
*/
umask(0177);
lock_fd = mkstemp(lock_file); lock_fd = mkstemp(lock_file);
unlink(lock_file); unlink(lock_file);

5
src/heap.c
View File

@ -116,6 +116,11 @@ malloc_shared_memory(size_t size)
strlcpy(buffer, shared_file, sizeof(buffer)); strlcpy(buffer, shared_file, sizeof(buffer));
/* Only allow u+rw bits. This may be required for some versions
* of glibc so that mkstemp() doesn't make us vulnerable.
*/
umask(0177);
if ((fd = mkstemp(buffer)) == -1) if ((fd = mkstemp(buffer)) == -1)
return MAP_FAILED; return MAP_FAILED;
unlink(buffer); unlink(buffer);