File 0001-sed-set-correct-umask-on-temporary-files.patch of Package sed.32996

From f69b085d3e7011ad6fa1dcf1473879a961fa1605 Mon Sep 17 00:00:00 2001
From: Assaf Gordon <assafgordon@gmail.com>
Date: Fri, 30 Aug 2019 14:35:24 -0600
Subject: [PATCH] sed: set correct umask on temporary files

"sed -i" now creates temporary files with correct umask (limited to u=rwx).
Previously sed would incorrectly set umask, and combined with mkostemp
creating file with mode 0600, the result would be a file with
permission mode 0.

Reported by Dr N.W. Filardo <nwf20@cam.ac.uk>:
https://lists.gnu.org/r/sed-devel/2019-08/msg00000.html
  "The net effect is that this patch does not do what it says on the tin:
   it does not improve the security story at all.  Things continue to
   function because the subsequent operations are via f*() APIs, which
   take the open file handle, and in particular fchmod() will put the
   bits back to something sensible.

   However, when running atop, for example, fuse-style filesystems which do
   not keep open descriptors to underlying files, this is catastrophic:
   the underlying file will have I_SRWXU of zero, and so the filesystem
   server will be unable to open the file for the fchmod() and that's
   the end of that."

"fuse-overlayfs" is an example of a filesystem with such issues.
This change was made in commit 5156c19b23c41f438bf8658e1b9a43a5ff136835
and was released in sed 4.2.1.

* NEWS: Mention change.
* sed/utils.c (ck_mkstemp): Set correct umask.
---
 NEWS        |    7 +++++++
 sed/utils.c |    2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,13 @@ GNU sed NEWS
   sed could segfault when invoked with specific combination of newlines
   in the input and regex pattern. [Bug introduced in sed-4.3]
 
+** Bug fixes
+
+  "sed -i" now creates temporary files with correct umask (limited to u=rwx).
+  Previously sed would incorrectly set umask on temporary files, resulting
+  in problems under certain fuse-like file systems.
+  [bug introduced in sed 4.2.1]
+
 
 * Noteworthy changes in release 4.3 (2016-12-30) [stable]
 
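Review bot: the tag on the added line `[bug introduced in sed 4.2.1]` does not follow the form used by the entry in the context lines just above it, `[Bug introduced in sed-4.3]` (capital B, hyphen before the version); suggest `[Bug introduced in sed-4.2.1]` so the entries stay uniform and easy to grep. The context above already reads as a bug-fix entry, so it is worth checking whether the added `** Bug fixes` heading duplicates a heading that is already open at this point in NEWS, in which case the new paragraph should simply go under the existing one.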
--- a/sed/utils.c
+++ b/sed/utils.c
@@ -171,7 +171,7 @@ ck_mkstemp (char **p_filename, const cha
    /* The ownership might change, so omit some permissions at first
       so unauthorized users cannot nip in before the file is ready.
       mkstemp forces O_BINARY on cygwin, so use mkostemp instead.  */
-  mode_t save_umask = umask (0700);
+  mode_t save_umask = umask (0077);
   int fd = mkostemp (template, 0);
   umask (save_umask);
   if (fd == -1)
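Review bot: on the changed line `mode_t save_umask = umask (0077);` the bare octal literal is the same kind of value that was inverted in the first place (0700 masks the owner bits, 0077 masks group and other), so writing it as `umask (S_IRWXG | S_IRWXO)` would make the intent self-evident and harder to get backwards again. The comment above the call says to "omit some permissions at first" without saying which ones; it could state that group and other bits are masked while the owner keeps access. The diffstat lists only NEWS and sed/utils.c, so no regression test comes with the fix; a test asserting that the temporary file created by `sed -i` is owner-accessible would catch a repeat.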