[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [minor] umask 400 causes here-{doc,string} failure
From: |
Martijn Dekker |
Subject: |
Re: [minor] umask 400 causes here-{doc,string} failure |
Date: |
Sun, 28 Oct 2018 22:05:15 +0000 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
Op 11-03-18 om 17:31 schreef Ilkka Virta:
On 11.3. 17:17, Stephane Chazelas wrote:
$ bash -c 'umask 400; cat <<< test'
bash: cannot create temp file for here-document: Permission denied
Those shells use temporary files to store the content of the
here-documents as the Bourne shell initially did, and open them
in read-only mode to make it cat's stdin.
When umask contains the 0400 bit, the file is created without
read permission to the user, hence the error upon that second
open().
I can think of several ways to address it:
1- do nothing and blame the user
2- open the file only once for both
writing the content and making it the command's stdin
3. use a pipe instead of a temp file
4. Reset the umask temporarily to 077
One more came to mind:
5. manually chmod() the tempfile to 0400 or 0600 if the open() for
reading fails with EACCES, and then retry. Should be doable with a
localized change to that particular error condition, without changing
the overall behaviour.
Unless I'm missing something, there should be no reason for an internal
temp file to have any permissions other than 0600 (user
readable/writable), so it seems to me that an fchmod call straight after
creating the file and before returning the fd is the simplest way of
fixing the bug; this makes the permissions of internal temp files
entirely independent of the umask.
diff --git a/lib/sh/tmpfile.c b/lib/sh/tmpfile.c
index e41e45b..1805cdf 100644
--- a/lib/sh/tmpfile.c
+++ b/lib/sh/tmpfile.c
@@ -203,7 +203,6 @@ sh_mktmpfd (nameroot, flags, namep)
}
if (namep)
*namep = filename;
- return fd;
#else /* !USE_MKSTEMP */
sh_seedrand ();
do
@@ -224,8 +223,9 @@ sh_mktmpfd (nameroot, flags, namep)
else
free (filename);
- return fd;
#endif /* !USE_MKSTEMP */
+ fchmod(fd, S_IRUSR | S_IWUSR);
+ return fd;
}
FILE *
- Re: [minor] umask 400 causes here-{doc,string} failure,
Martijn Dekker <=