From 63edc5c4e02d8da1250db6b6653df9eca7d947ff Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Sat, 25 Nov 2000 06:21:54 +0000 Subject: [PATCH] Fix security problem with psql \e where temp file could be an existing symlink created by someone else, and therefore modifyable by someone else. --- src/bin/psql/command.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c index 0d3a1f3a89..55914cb618 100644 --- a/src/bin/psql/command.c +++ b/src/bin/psql/command.c @@ -3,7 +3,7 @@ * * Copyright 2000 by PostgreSQL Global Development Group * - * $Header: /cvsroot/pgsql/src/bin/psql/command.c,v 1.38 2000/11/13 23:37:53 momjian Exp $ + * $Header: /cvsroot/pgsql/src/bin/psql/command.c,v 1.39 2000/11/25 06:21:54 momjian Exp $ */ #include "postgres.h" #include "command.h" @@ -13,7 +13,8 @@ #include #ifndef WIN32 #include /* for umask() */ -#include /* for umask(), stat() */ +#include /* for stat() */ +#include /* open() flags */ #include /* for geteuid(), getpid(), stat() */ #else #include @@ -1397,7 +1398,8 @@ do_edit(const char *filename_arg, PQExpBuffer query_buf) FILE *stream; const char *fname; bool error = false; - + int fd; + #ifndef WIN32 struct stat before, after; @@ -1411,7 +1413,6 @@ do_edit(const char *filename_arg, PQExpBuffer query_buf) { /* make a temp file to edit */ #ifndef WIN32 - mode_t oldumask; const char *tmpdirenv = getenv("TMPDIR"); sprintf(fnametmp, "%s/psql.edit.%ld.%ld", @@ -1422,15 +1423,11 @@ do_edit(const char *filename_arg, PQExpBuffer query_buf) #endif fname = (const char *) fnametmp; -#ifndef WIN32 - oldumask = umask(0177); -#endif - stream = fopen(fname, "w"); -#ifndef WIN32 - umask(oldumask); -#endif + fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0600); + if (fd != -1) + stream = fdopen(fd, "w"); - if (!stream) + if (fd == -1 || !stream) { psql_error("couldn't open temp file %s: %s\n", fname, strerror(errno)); error = true; -- 2.40.0