projects / users / bernd / postgres.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 324ef45)
Fix security problem with psql \e where temp file could be an existing
authorBruce Momjian <bruce@momjian.us>
Sat, 25 Nov 2000 06:21:54 +0000 (06:21 +0000)
committerBruce Momjian <bruce@momjian.us>
Sat, 25 Nov 2000 06:21:54 +0000 (06:21 +0000)
symlink created by someone else, and therefore modifyable by someone else.

src/bin/psql/command.c patch | blob | blame | history

diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
index 868159768f5cda54514b96c0499de509fd6ce582..412a441f222159d94a055e1402ada774088a7d79 100644 (file)
--- a/src/bin/psql/command.c
+++ b/src/bin/psql/command.c
@@ -13,7 +13,8 @@
 #include <ctype.h>
 #ifndef WIN32
 #include <sys/types.h>                 /* for umask() */
-#include <sys/stat.h>                  /* for umask(), stat() */
+#include <sys/stat.h>                  /* for stat() */
+#include <fcntl.h>                             /* open() flags */
 #include <unistd.h>                            /* for geteuid(), getpid(), stat() */
 #else
 #include <win32.h>
@@ -1397,7 +1398,8 @@ do_edit(const char *filename_arg, PQExpBuffer query_buf)
        FILE       *stream;
        const char *fname;
        bool            error = false;
-
+       int                     fd;
+       
 #ifndef WIN32
        struct stat before,
                                after;
@@ -1411,7 +1413,6 @@ do_edit(const char *filename_arg, PQExpBuffer query_buf)
        {
                /* make a temp file to edit */
 #ifndef WIN32
-               mode_t          oldumask;
                const char *tmpdirenv = getenv("TMPDIR");
 
                sprintf(fnametmp, "%s/psql.edit.%ld.%ld",
@@ -1422,15 +1423,11 @@ do_edit(const char *filename_arg, PQExpBuffer query_buf)
 #endif
                fname = (const char *) fnametmp;
 
-#ifndef WIN32
-               oldumask = umask(0177);
-#endif
-               stream = fopen(fname, "w");
-#ifndef WIN32
-               umask(oldumask);
-#endif
+               fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0600);
+               if (fd != -1)
+                       stream = fdopen(fd, "w");
 
-               if (!stream)
+               if (fd == -1 || !stream)
                {
                        psql_error("couldn't open temp file %s: %s\n", fname, strerror(errno));
                        error = true;
Bernd Helmle's repository