[PATCH] lib/file: remove mkstemp umask in copy_file_secure_dest

Samuel Mendoza-Jonas sam at mendozajonas.com
Mon May 7 14:10:04 AEST 2018


On Thu, 2018-05-03 at 16:02 +1000, Brett Grandbois wrote:
> mkstemp will generate the temp file with permissions 0600 so the
> umask(0644) is causing the file to have permissions of 0000, making
> signature files unreadable
> 
> Signed-off-by: Brett Grandbois <brett.grandbois at opengear.com>

Good catch! Merged as 17d9d54

> ---
>  lib/file/file.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/lib/file/file.c b/lib/file/file.c
> index 57a2519..b575d34 100644
> --- a/lib/file/file.c
> +++ b/lib/file/file.c
> @@ -44,7 +44,6 @@ int copy_file_secure_dest(void *ctx, const char *source_file,
>  	unsigned char *buffer;
>  	ssize_t r;
>  	size_t l1;
> -	mode_t oldmask;
>  
>  	source_handle = fopen(source_file, "r");
>  	if (!source_handle) {
> @@ -53,9 +52,7 @@ int copy_file_secure_dest(void *ctx, const char *source_file,
>  			return -1;
>  	}
>  
> -	oldmask = umask(0644);
>  	destination_fd = mkstemp(template);
> -	umask(oldmask);
>  	if (destination_fd < 0) {
>  		pb_log("%s: unable to create temp file, %m\n", __func__);
>  		fclose(source_handle);



More information about the Petitboot mailing list