IPA: Securely set umask for mkstemp in subdomain provider

https://fedorahosted.org/sssd/ticket/1457
author: Stephen Gallagher <sgallagh@redhat.com> 2012-08-06 09:43:05 -0400
committer: Jakub Hrozek <jhrozek@redhat.com> 2012-08-06 18:15:50 +0200
commit: 249d3b8c72798a8eb081b620cc94072b3e8d6351 (patch)
tree: 3258738ae811a6dbdd98ed4c225dcd5bc89552c6
parent: d3d297c62e0340151da1d4ce1e082dcfcb45b431 (diff)
download: sssd-249d3b8c72798a8eb081b620cc94072b3e8d6351.tar.gz
sssd-249d3b8c72798a8eb081b620cc94072b3e8d6351.tar.xz
sssd-249d3b8c72798a8eb081b620cc94072b3e8d6351.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 9adc3fa94..98c7de346 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -285,6 +285,7 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain,
     const char *mapping_file;
     char *tmp_file = NULL;
     int fd = -1;
+    mode_t old_mode;
     FILE *fstream = NULL;
     size_t i;
 
@@ -304,7 +305,9 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain,
         goto done;
     }
 
+    old_mode = umask(077);
     fd = mkstemp(tmp_file);
+    umask(old_mode);
     if (fd < 0) {
         DEBUG(SSSDBG_OP_FAILURE, ("creating the temp file [%s] for domain-realm "
                                   "mappings failed.", tmp_file));
author	Stephen Gallagher <sgallagh@redhat.com>	2012-08-06 09:43:05 -0400
committer	Jakub Hrozek <jhrozek@redhat.com>	2012-08-06 18:15:50 +0200
commit	249d3b8c72798a8eb081b620cc94072b3e8d6351 (patch)
tree	3258738ae811a6dbdd98ed4c225dcd5bc89552c6
parent	d3d297c62e0340151da1d4ce1e082dcfcb45b431 (diff)
download	sssd-249d3b8c72798a8eb081b620cc94072b3e8d6351.tar.gz sssd-249d3b8c72798a8eb081b620cc94072b3e8d6351.tar.xz sssd-249d3b8c72798a8eb081b620cc94072b3e8d6351.zip