the lchown. Thanks to snabb@epipe.fi for pointing
this out */
fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL,
- file->mode & ACCESSPERMS);
+ file->mode & INITPERMMASK);
if (fd2 == -1 && relative_paths && errno == ENOENT &&
create_directory_path(fnametmp) == 0) {
fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL,
- file->mode & ACCESSPERMS);
+ file->mode & INITPERMMASK);
}
if (fd2 == -1) {
rprintf(FERROR,"cannot create %s : %s\n",fnametmp,strerror(errno));
#ifdef HAVE_CHMOD
if (preserve_perms && !S_ISLNK(st->st_mode) &&
(st->st_mode != file->mode ||
- (updated && (file->mode & ~ACCESSPERMS)))) {
+ (updated && (file->mode & ~INITPERMMASK)))) {
updated = 1;
if (do_chmod(fname,file->mode) != 0) {
rprintf(FERROR,"failed to set permissions on %s : %s\n",
if (errno == EXDEV) {
/* rename failed on cross-filesystem link.
Copy the file instead. */
- if (copy_file(fnametmp,fname, file->mode & ACCESSPERMS)) {
+ if (copy_file(fnametmp,fname, file->mode & INITPERMMASK)) {
rprintf(FERROR,"copy %s -> %s : %s\n",
fnametmp,fname,strerror(errno));
} else {
#define IS_DEVICE(mode) (S_ISCHR(mode) || S_ISBLK(mode) || S_ISSOCK(mode) || S_ISFIFO(mode))
-#ifndef ACCESSPERMS
-#define ACCESSPERMS 0777
-#endif
+/* Initial mask on permissions given to temporary files. Mask off setuid
+ bits and group access because of potential race-condition security
+ holes, and mask other access because mode 707 is bizarre */
+#define INITPERMMASK 0700
/* handler for null strings in printf format */
#define NS(s) ((s)?(s):"<NULL>")