aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKris Kennaway <kris@FreeBSD.org>2000-01-16 21:08:58 +0000
committerKris Kennaway <kris@FreeBSD.org>2000-01-16 21:08:58 +0000
commit16bd17ce2d680932e8bbaa2fcef288c0046ea146 (patch)
treed3c16ac70a6cec8ad7780920adc78fad166e91db
parente36de8f1b150b8f51b65eff17a01cd8a136b1cce (diff)
downloadsrc-16bd17ce2d680932e8bbaa2fcef288c0046ea146.tar.gz
src-16bd17ce2d680932e8bbaa2fcef288c0046ea146.zip
Fix insecure tempfile handling
Reviewed by: audit@freebsd.org
Notes
Notes: svn path=/head/; revision=56125
-rw-r--r--sbin/ldconfig/ldconfig.c12
1 files changed, 4 insertions, 8 deletions
diff --git a/sbin/ldconfig/ldconfig.c b/sbin/ldconfig/ldconfig.c
index 01bbe1f5d596..07e5abcfa584 100644
--- a/sbin/ldconfig/ldconfig.c
+++ b/sbin/ldconfig/ldconfig.c
@@ -465,17 +465,13 @@ buildhints()
errx(1, "str_index(%d) != strtab_sz(%d)", str_index, strtab_sz);
}
- tmpfile = concat(hints_file, ".XXXXXX", "");
- if ((tmpfile = mktemp(tmpfile)) == NULL) {
- warn("%s", tmpfile);
- return -1;
- }
-
+ tmpfile = concat(hints_file, ".XXXXXXXXXX", "");
umask(0); /* Create with exact permissions */
- if ((fd = open(tmpfile, O_RDWR|O_CREAT|O_TRUNC, 0444)) == -1) {
- warn("%s", hints_file);
+ if ((fd = mkstemp(tmpfile)) == -1) {
+ warn("%s", tmpfile);
return -1;
}
+ fchmod(fd, 0444);
if (write(fd, &hdr, sizeof(struct hints_header)) !=
sizeof(struct hints_header)) {