Skip to content
Snippets Groups Projects
Commit c94b65f6 authored by Noah Misch's avatar Noah Misch
Browse files

Restrict file mode creation mask during tmpfile().

Per Coverity.  Back-patch to 9.0 (all supported versions).

Michael Paquier, reviewed (in earlier versions) by Heikki Linnakangas.
parent ac0c7122
No related branches found
No related tags found
No related merge requests found
......@@ -371,8 +371,18 @@ tarOpen(ArchiveHandle *AH, const char *filename, char mode)
}
else
{
int old_umask;
tm = pg_calloc(1, sizeof(TAR_MEMBER));
/*
* POSIX does not require, but permits, tmpfile() to restrict file
* permissions. Given an OS crash after we write data, the filesystem
* might retain the data but forget tmpfile()'s unlink(). If so, the
* file mode protects confidentiality of the data written.
*/
old_umask = umask(S_IRWXG | S_IRWXO);
#ifndef WIN32
tm->tmpFH = tmpfile();
#else
......@@ -407,6 +417,8 @@ tarOpen(ArchiveHandle *AH, const char *filename, char mode)
if (tm->tmpFH == NULL)
exit_horribly(modulename, "could not generate temporary file name: %s\n", strerror(errno));
umask(old_umask);
#ifdef HAVE_LIBZ
if (AH->compression != 0)
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment