From 9dd0d2c1a7ed851474d08714e20511d66ef3122b Mon Sep 17 00:00:00 2001
From: Steve Bennett <steveb@workware.net.au>
Date: Mon, 28 Apr 2014 08:13:18 +1000
Subject: exec, file: set umask before mkstemp

Set umask so that temp files are created with
permissions 0600.

Courtesy of coverity.

Signed-off-by: Steve Bennett <steveb@workware.net.au>
---
 jim-exec.c | 4 +++-
 jim-file.c | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/jim-exec.c b/jim-exec.c
index 6856355..a6fdb02 100644
--- a/jim-exec.c
+++ b/jim-exec.c
@@ -126,6 +126,7 @@ int Jim_execInit(Jim_Interp *interp)
     #include <unistd.h>
     #include <fcntl.h>
     #include <sys/wait.h>
+    #include <sys/stat.h>
 
     typedef int fdtype;
     typedef int pidtype;
@@ -1576,8 +1577,9 @@ static int JimRewindFd(int fd)
 static int JimCreateTemp(Jim_Interp *interp, const char *contents, int len)
 {
     char inName[] = "/tmp/tcl.tmp.XXXXXX";
-
+    mode_t mask = umask(S_IXUSR | S_IRWXG | S_IRWXO);
     int fd = mkstemp(inName);
+    umask(mask);
     if (fd == JIM_BAD_FD) {
         Jim_SetResultErrno(interp, "couldn't create temp file");
         return -1;
diff --git a/jim-file.c b/jim-file.c
index ddb0ede..6d10a2b 100644
--- a/jim-file.c
+++ b/jim-file.c
@@ -489,6 +489,7 @@ static int file_cmd_tempfile(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
     int fd;
     char *filename;
     const char *template = "/tmp/tcl.tmp.XXXXXX";
+    mode_t mask = umask(S_IXUSR | S_IRWXG | S_IRWXO);
 
     if (argc >= 1) {
         template = Jim_String(argv[0]);
@@ -496,6 +497,7 @@ static int file_cmd_tempfile(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
     filename = Jim_StrDup(template);
 
     fd = mkstemp(filename);
+    umask(mask);
     if (fd < 0) {
         Jim_SetResultString(interp, "Failed to create tempfile", -1);
         Jim_Free(filename);
-- 
cgit v1.1