Date: Mon, 4 Feb 2002 19:04:31 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Stephen McKay <mckay@thehub.com.au> Cc: Ian Dowse <iedowse@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/ctm/ctm_rmail ctm_rmail.c Message-ID: <20020204190431.A36742@xor.obsecurity.org> In-Reply-To: <200202041157.g14BvhC06852@dungeon.home>; from mckay@thehub.com.au on Mon, Feb 04, 2002 at 09:57:43PM %2B1000 References: <200201222254.g0MMsqg19740@freefall.freebsd.org> <200202041157.g14BvhC06852@dungeon.home>
next in thread | previous in thread | raw e-mail | index | archive | help
--XsQoSWH+UP9D9v3l Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 04, 2002 at 09:57:43PM +1000, Stephen McKay wrote: > On Tuesday, 22nd January 2002, Ian Dowse wrote: >=20 > >iedowse 2002/01/22 14:54:52 PST > > > > Modified files: > > usr.sbin/ctm/ctm_rmail ctm_rmail.c=20 > > Log: > > The mode of files created by ctm_rmail was always 0600, even if the > > umask was less restrictive. This was caused by the use of mkstemp() > > which internally passes a mode of 0600 to open(). Fix this by > > explicitly chmod'ing the files to (0666 & ~umask). >=20 > This is pretty silly. The right way to fix this is to revert back to > using mktemp(). Probably revert the whole 1.14 delta. I'll put this > on my TODO list. As I recall, the former use of mktemp() was insecure, which was the reason it was changed to use the secure mkstemp(). It should not be regressed. Kris --XsQoSWH+UP9D9v3l Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8X0u+Wry0BWjoQKURApkLAKCpFJN0zA4OL54favcTWhTCNIhoXACgz1Ih C7DCQBaz3SM148uP9C+0WRE= =y1c9 -----END PGP SIGNATURE----- --XsQoSWH+UP9D9v3l-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020204190431.A36742>