author | Stephen Gallagher <sgallagh@redhat.com> | 2012-08-06 09:43:05 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-08-06 18:15:50 +0200 |
commit | 249d3b8c72798a8eb081b620cc94072b3e8d6351 (patch) | |
tree | 3258738ae811a6dbdd98ed4c225dcd5bc89552c6 | |
parent | d3d297c62e0340151da1d4ce1e082dcfcb45b431 (diff) | |
IPA: Securely set umask for mkstemp in subdomain provider
https://fedorahosted.org/sssd/ticket/1457
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 9adc3fa9..98c7de34 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -285,6 +285,7 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain,
 const char *mapping_file;
 char *tmp_file = NULL;
 int fd = -1;
+ mode_t old_mode;
 FILE *fstream = NULL;
 size_t i;
@@ -304,7 +305,9 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain,
 goto done;
 }
+ old_mode = umask(077);
 fd = mkstemp(tmp_file);
+ umask(old_mode);
 if (fd < 0) {
 DEBUG(SSSDBG_OP_FAILURE, ("creating the temp file [%s] for domain-realm "
 "mappings failed.", tmp_file)); |
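Review bot: The `umask(077)` / `umask(old_mode)` pair around `mkstemp()` in the second hunk has no comment saying why it is needed or what it assumes, and the umask is process-wide state. I would add above `old_mode = umask(077);` something like `/* Older libcs create mkstemp() files with 0666 & ~umask; force 0600. umask is per-process, so this relies on no other thread creating files meanwhile. */`. Restoring the mask before the `fd < 0` check is right, since it then runs on both the success and the failure path. If the finished file is meant to be readable by other processes once it is moved into place, that permission has to be set explicitly on `fd`; the rest of `ipa_subdomains_write_mappings` lies outside the hunk, so I cannot tell whether it is.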