From: David Dykstra Date: Mon, 1 Mar 1999 21:22:54 +0000 (+0000) Subject: Change the mask used when creating temporary files from 777 to 700, to prevent X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/commitdiff_plain/5afd8aedce004cc11700285c16ea84f1e857d473 Change the mask used when creating temporary files from 777 to 700, to prevent an obscure race-condition security hole where a file may for a short time have the wrong group. Could have used 707 instead but that's just too weird of a permission. The define name used to be ACCESSPERMS but that is defined as 777 on Linux, so changed the name to INITPERMMASK. --- diff --git a/receiver.c b/receiver.c index 378364c4..d941fa2b 100644 --- a/receiver.c +++ b/receiver.c @@ -414,12 +414,12 @@ int recv_files(int f_in,struct file_list *flist,char *local_name,int f_gen) the lchown. Thanks to snabb@epipe.fi for pointing this out */ fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL, - file->mode & ACCESSPERMS); + file->mode & INITPERMMASK); if (fd2 == -1 && relative_paths && errno == ENOENT && create_directory_path(fnametmp) == 0) { fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL, - file->mode & ACCESSPERMS); + file->mode & INITPERMMASK); } if (fd2 == -1) { rprintf(FERROR,"cannot create %s : %s\n",fnametmp,strerror(errno)); diff --git a/rsync.c b/rsync.c index 178dc523..1d62abc4 100644 --- a/rsync.c +++ b/rsync.c @@ -202,7 +202,7 @@ int set_perms(char *fname,struct file_struct *file,STRUCT_STAT *st, #ifdef HAVE_CHMOD if (preserve_perms && !S_ISLNK(st->st_mode) && (st->st_mode != file->mode || - (updated && (file->mode & ~ACCESSPERMS)))) { + (updated && (file->mode & ~INITPERMMASK)))) { updated = 1; if (do_chmod(fname,file->mode) != 0) { rprintf(FERROR,"failed to set permissions on %s : %s\n", 
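Review bot: Both `do_open` calls in recv_files now create the temporary file with at most the owner bits of `file->mode`, so the group and other bits of the finished file depend entirely on a later chmod. The only chmod visible in this commit is in set_perms (rsync.c), and it runs only when `preserve_perms` is set. Unless a path outside these hunks widens the mode again, a transfer without permission preservation would leave files owner-only, where they previously got `file->mode & 0777` (presumably filtered by the umask). The same applies to the `copy_file(fnametmp,fname, file->mode & INITPERMMASK)` fallback in finish_transfer. I would either add a chmod to the umask-filtered mode once ownership is final for the non-preserving case, or at least record the dependency here with `/* created owner-only; the full mode must be applied after lchown, also when !preserve_perms */`; recv_files continues outside the hunk.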
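Review bot: In set_perms the clause `updated && (file->mode & ~INITPERMMASK)` changes meaning with the new value, because the complement now covers group and other permission bits as well as setuid/setgid/sticky, and nothing at the call site says which reading is intended. If the intent is to re-apply the mode after an ownership change whenever any bit was withheld at creation, a comment such as `/* re-chmod after chown: bits outside INITPERMMASK were withheld when the file was created */` would make that explicit. If `file->mode` also carries the file-type bits, which the `st->st_mode != file->mode` comparison suggests, the clause is non-zero for every file and reduces to `updated`; that is worth confirming and, if so, simplifying. set_perms starts and ends outside the hunk.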
@@ -260,7 +260,7 @@ void finish_transfer(char *fname, char *fnametmp, struct file_struct *file) if (errno == EXDEV) { /* rename failed on cross-filesystem link. Copy the file instead. */ - if (copy_file(fnametmp,fname, file->mode & ACCESSPERMS)) { + if (copy_file(fnametmp,fname, file->mode & INITPERMMASK)) { rprintf(FERROR,"copy %s -> %s : %s\n", fnametmp,fname,strerror(errno)); } else { diff --git a/rsync.h b/rsync.h index 92ba2561..92823bbc 100644 --- a/rsync.h +++ b/rsync.h @@ -462,9 +462,10 @@ extern int errno; #define IS_DEVICE(mode) (S_ISCHR(mode) || S_ISBLK(mode) || S_ISSOCK(mode) || S_ISFIFO(mode)) -#ifndef ACCESSPERMS -#define ACCESSPERMS 0777 -#endif +/* Initial mask on permissions given to temporary files. Mask off setuid + bits and group access because of potential race-condition security + holes, and mask other access because mode 707 is bizarre */ +#define INITPERMMASK 0700 /* handler for null strings in printf format */ #define NS(s) ((s)?(s):"")
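Review bot: Dropping the `#ifndef ACCESSPERMS` fallback in rsync.h means any use of `ACCESSPERMS` left in files this commit does not touch would now take the system definition (0777 on Linux, per the commit message) and keep the wider creation mode, or fail to build where the system headers do not define it. The diff cannot show whether such uses remain, so a tree-wide search for the old name is worth doing before this lands. The new comment could also say that the mask is applied to the sender's mode at creation time and that the remaining bits are expected to be restored afterwards, for example by appending `The full mode is applied by set_perms() once ownership is final.`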