Re: [minor] umask 400 causes here-{doc,string} failure

From: Martijn Dekker
Subject: Re: [minor] umask 400 causes here-{doc,string} failure
Date: Sun, 28 Oct 2018 22:05:15 +0000
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

On 11-03-18 at 17:31, Ilkka Virta wrote:
On 11.3. 17:17, Stephane Chazelas wrote:
$ bash -c 'umask 400; cat <<< test'
bash: cannot create temp file for here-document: Permission denied

Those shells use temporary files to store the content of the
here-documents as the Bourne shell initially did, and open them
in read-only mode to make it cat's stdin.

When umask contains the 0400 bit, the file is created without
read permission to the user, hence the error upon that second
I can think of several ways to address it:

1- do nothing and blame the user
2- open the file only once for both writing the content and making it the command's stdin
3. use a pipe instead of a temp file
4. Reset the umask temporarily to 077

One more came to mind:

5. manually chmod() the tempfile to 0400 or 0600 if the open() for reading fails with EACCES, and then retry. Should be doable with a localized change to that particular error condition, without changing the overall behaviour.

Unless I'm missing something, there should be no reason for an internal temp file to have any permissions other than 0600 (user readable/writable), so it seems to me that an fchmod call straight after creating the file and before returning the fd is the simplest way of fixing the bug; this makes the permissions of internal temp files entirely independent of the umask.

diff --git a/lib/sh/tmpfile.c b/lib/sh/tmpfile.c
index e41e45b..1805cdf 100644
--- a/lib/sh/tmpfile.c
+++ b/lib/sh/tmpfile.c
@@ -203,7 +203,6 @@ sh_mktmpfd (nameroot, flags, namep)
   if (namep)
     *namep = filename;
-  return fd;
 #else /* !USE_MKSTEMP */
   sh_seedrand ();
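Review bot: with `return fd;` dropped from the end of the USE_MKSTEMP branch, every exit from that branch now falls through to the shared code after `#endif`, including any path on which `fd` is negative because the file could not be created. If that can happen here, the later `fchmod` will fail with EBADF and may overwrite the errno the caller uses for its "cannot create temp file" message. Guard the shared tail with `if (fd >= 0)` or save and restore errno around it, and add a short comment at this spot saying the fall-through is intentional.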
@@ -224,8 +223,9 @@ sh_mktmpfd (nameroot, flags, namep)
     free (filename);

-  return fd;
 #endif /* !USE_MKSTEMP */
+  fchmod(fd, S_IRUSR | S_IWUSR);
+  return fd;
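Review bot: the result of `fchmod` on the added line is ignored, so if the call fails the file keeps its umask-derived mode and the later read-only open fails exactly as before, with nothing pointing at the cause. Check the return value and treat failure as a failed temp file creation, or state in a comment why ignoring it is acceptable. Two smaller points: the surrounding code puts a space before the call parenthesis (`sh_seedrand ();`, `free (filename);`), so this should read `fchmod (fd, S_IRUSR | S_IWUSR);`, and the visible hunks do not show whether `<sys/stat.h>` is already included in this file for `S_IRUSR` and `S_IWUSR`.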


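The failure discussed in this thread and the effect of the proposed `fchmod`, reproduced outside the shell as an added example (not bash code and not part of the original message). The helper `heredoc_tmp`, the `/tmp` template name and the use of `mkstemp` are assumptions made for the illustration.

```c
/* Added illustration, not bash source: a here-document style temp file
   created under a restrictive umask, with and without the fchmod() fix. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

struct result { int mode; int reopened; };  /* mode: permission bits, -1 on error */

/* Hypothetical helper: create a temp file with umask `mask`, optionally
   force 0600 as the patch does, then reopen it read-only like the shell. */
struct result heredoc_tmp(mode_t mask, int apply_fix)
{
    struct result r = { -1, 0 };
    char path[] = "/tmp/heredoc-demo-XXXXXX";  /* constructed name */
    struct stat st;
    mode_t old = umask(mask);
    int fd = mkstemp(path);          /* asks for 0600, the umask still applies */
    umask(old);
    if (fd < 0)
        return r;
    if (apply_fix && fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        close(fd);
        unlink(path);
        return r;                    /* a failed fchmod is reported, not ignored */
    }
    if (write(fd, "test\n", 5) == 5 && fstat(fd, &st) == 0)
        r.mode = (int)(st.st_mode & 0777);
    int rfd = open(path, O_RDONLY);  /* the second open from the bug report */
    if (rfd >= 0) {
        r.reopened = 1;
        close(rfd);
    }
    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    struct result a = heredoc_tmp(0400, 0), b = heredoc_tmp(0400, 1);
    printf("umask 0400, no fix: mode %04o, reopen %s\n",
           (unsigned)a.mode, a.reopened ? "ok" : "failed");
    printf("umask 0400, fchmod: mode %04o, reopen %s\n",
           (unsigned)b.mode, b.reopened ? "ok" : "failed");
    return 0;
}
```

When run as root the read-only reopen succeeds in both cases because root bypasses the permission check; the reported mode still shows the difference.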