Change the mask used when creating temporary files from 777 to 700, to prevent

an obscure race-condition security hole where a file may for a short time have the wrong group. Could have used 707 instead but that's just too weird of a permission. The define name used to be ACCESSPERMS but that is defined as 777 on Linux, so changed the name to INITPERMMASK.

Change the mask used when creating temporary files from 777 to 700, to prevent
an obscure race-condition security hole where a file may for a short time have the wrong group. Could have used 707 instead but that's just too weird of a permission. The define name used to be ACCESSPERMS but that is defined as 777 on Linux, so changed the name to INITPERMMASK.
5afd8aed · David Dykstra · 86692050 · 5afd8aed · 5afd8aed · 5afd8aed
Commit 5afd8aed authored Mar 01, 1999 by David Dykstra
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 7 deletions

receiver.c receiver.c +2 -2

rsync.c rsync.c +2 -2

rsync.h rsync.h +4 -3

No files found.
--- a/receiver.c
+++ b/receiver.c
@@ -414,12 +414,12 @@ int recv_files(int f_in,struct file_list *flist,char *local_name,int f_gen)
 		   the lchown. Thanks to snabb@epipe.fi for pointing
 		   this out */
 		fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL,
-			      file->mode & ACCESSPERMS);
+			      file->mode & INITPERMMASK);

 		if (fd2 == -1 && relative_paths && errno == ENOENT && 
 		    create_directory_path(fnametmp) == 0) {
 			fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL,
-				      file->mode & ACCESSPERMS);
+				      file->mode & INITPERMMASK);
 		}
 		if (fd2 == -1) {
 			rprintf(FERROR,"cannot create %s : %s\n",fnametmp,strerror(errno));

--- a/rsync.c
+++ b/rsync.c
@@ -202,7 +202,7 @@ int set_perms(char *fname,struct file_struct *file,STRUCT_STAT *st,
 #ifdef HAVE_CHMOD
 	if (preserve_perms && !S_ISLNK(st->st_mode) &&
 	    (st->st_mode != file->mode || 
-	     (updated && (file->mode & ~ACCESSPERMS)))) {
+	     (updated && (file->mode & ~INITPERMMASK)))) {
 		updated = 1;
 		if (do_chmod(fname,file->mode) != 0) {
 			rprintf(FERROR,"failed to set permissions on %s : %s\n",
@@ -260,7 +260,7 @@ void finish_transfer(char *fname, char *fnametmp, struct file_struct *file)
 		if (errno == EXDEV) {
 			/* rename failed on cross-filesystem link.  
 			   Copy the file instead. */
-			if (copy_file(fnametmp,fname, file->mode & ACCESSPERMS)) {
+			if (copy_file(fnametmp,fname, file->mode & INITPERMMASK)) {
 				rprintf(FERROR,"copy %s -> %s : %s\n",
 					fnametmp,fname,strerror(errno));
 			} else {

--- a/rsync.h
+++ b/rsync.h
@@ -462,9 +462,10 @@ extern int errno;

 #define IS_DEVICE(mode) (S_ISCHR(mode) || S_ISBLK(mode) || S_ISSOCK(mode) || S_ISFIFO(mode))

-#ifndef ACCESSPERMS
-#define ACCESSPERMS 0777
-#endif
+/* Initial mask on permissions given to temporary files.  Mask off setuid
+     bits and group access because of potential race-condition security
+     holes, and mask other access because mode 707 is bizarre */
+#define INITPERMMASK 0700

 /* handler for null strings in printf format */
 #define NS(s) ((s)?(s):"<NULL>")