DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH] vhost: fix insecure temporary file
@ 2019-11-26 15:19 Jin Yu
  2019-11-26 10:00 ` Bruce Richardson
  0 siblings, 1 reply; 4+ messages in thread
From: Jin Yu @ 2019-11-26 15:19 UTC (permalink / raw)
  To: Maxime Coquelin, Tiwei Bie, Zhihong Wang; +Cc: dev, Jin Yu, stable

When using mkstemp(), remember to safely set the umask
before to restrict the resulting temporary file
permissions to only the owner.

Coverity issue: 350367
Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing")
Cc: stable@dpdk.org

Signed-off-by: Jin Yu <jin.yu@intel.com>
---
 lib/librte_vhost/vhost_user.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 0cfb8b792..1a68e23e3 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1342,6 +1342,7 @@ inflight_mem_alloc(const char *name, size_t size, int *fd)
 	RTE_SET_USED(name);
 #endif
 	if (mfd == -1) {
+		mode_t mask = umask(0600);
 		mfd = mkstemp(fname);
 		if (mfd == -1) {
 			RTE_LOG(ERR, VHOST_CONFIG,
@@ -1349,6 +1350,7 @@ inflight_mem_alloc(const char *name, size_t size, int *fd)
 			return NULL;
 		}
 
+		umask(mask);
 		unlink(fname);
 	}
 
-- 
2.17.2


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2019-11-27  9:32 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-26 15:19 [dpdk-dev] [PATCH] vhost: fix insecure temporary file Jin Yu
2019-11-26 10:00 ` Bruce Richardson
2019-11-27  2:19   ` Yu, Jin
2019-11-27  9:32     ` Bruce Richardson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).