authorJakub Hrozek <jhrozek@redhat.com>2013-01-20 20:27:05 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-01-23 13:58:16 +0100
commit3843b284cd3e8f88327772ebebc7249990fd87b9 (patch)
tree5be83255fba23e96adaf591c754d29a24a5b3b7d /src/tests
parente864d914a44a37016736554e9257c06b18c57d37 (diff)
TOOLS: Use file descriptor to avoid races when creating a home directory
When creating a home directory, the destination tree can be modified in various ways while it is being constructed, because directory permissions are set before the directory is populated. This can lead to file creation and permission changes outside the target directory tree, using hard links. This security problem was assigned CVE-2013-0219. https://fedorahosted.org/sssd/ticket/1782
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/files-tests.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/tests/files-tests.c b/src/tests/files-tests.c
index cb20e1aae..06aa59670 100644
--- a/src/tests/files-tests.c
+++ b/src/tests/files-tests.c
@@ -183,7 +183,7 @@ START_TEST(test_simple_copy)
/* and finally copy.. */
DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path));
- ret = copy_tree(dir_path, dst_path, uid, gid);
+ ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
fail_unless(ret == EOK, "copy_tree failed\n");
/* check if really copied */
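Review bot: The new `0700` argument at the `copy_tree` call in test_simple_copy (and identically in test_copy_symlink and test_copy_node) is never checked in the visible lines, so a regression in the permission handling this commit is about would still pass these tests. Presumably the argument is the mode for the destination root; if so, follow the call with `ret = stat(dst_path, &st);` and `fail_unless((st.st_mode & 07777) == 0700, "unexpected mode on copied tree\n");` (`st` is a constructed name here). The checks after "check if really copied" continue outside the hunk, so confirm this is not already covered there. None of the three tests exercises the case from the description, where the destination tree is modified while the copy is in progress; a dedicated regression test for that would make the fix verifiable.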
@@ -225,7 +225,7 @@ START_TEST(test_copy_symlink)
/* and finally copy.. */
DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path));
- ret = copy_tree(dir_path, dst_path, uid, gid);
+ ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
fail_unless(ret == EOK, "copy_tree failed\n");
/* check if really copied */
@@ -264,7 +264,7 @@ START_TEST(test_copy_node)
/* and finally copy.. */
DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path));
- ret = copy_tree(dir_path, dst_path, uid, gid);
+ ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
fail_unless(ret == EOK, "copy_tree failed\n");
/* check if really copied */