[PATCH] lib/file: remove mkstemp umask in copy_file_secure_dest
Samuel Mendoza-Jonas
sam at mendozajonas.com
Mon May 7 14:10:04 AEST 2018
On Thu, 2018-05-03 at 16:02 +1000, Brett Grandbois wrote:
> mkstemp will generate the temp file with permissions 0600 so the
> umask(0644) is causing the file to have permissions of 0000, making
> signature files unreadable
>
> Signed-off-by: Brett Grandbois <brett.grandbois at opengear.com>
Good catch! Merged as 17d9d54
> ---
> lib/file/file.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/lib/file/file.c b/lib/file/file.c
> index 57a2519..b575d34 100644
> --- a/lib/file/file.c
> +++ b/lib/file/file.c
> @@ -44,7 +44,6 @@ int copy_file_secure_dest(void *ctx, const char *source_file,
> unsigned char *buffer;
> ssize_t r;
> size_t l1;
> - mode_t oldmask;
>
> source_handle = fopen(source_file, "r");
> if (!source_handle) {
> @@ -53,9 +52,7 @@ int copy_file_secure_dest(void *ctx, const char *source_file,
> return -1;
> }
>
> - oldmask = umask(0644);
> destination_fd = mkstemp(template);
> - umask(oldmask);
> if (destination_fd < 0) {
> pb_log("%s: unable to create temp file, %m\n", __func__);
> fclose(source_handle);
More information about the Petitboot
mailing list