database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-05 09:19:17 +03:00
Code

Restrict file mode creation mask during tmpfile().

Browse Source 
Per Coverity.  Back-patch to 9.0 (all supported versions).

Michael Paquier, reviewed (in earlier versions) by Heikki Linnakangas.
This commit is contained in:
Noah Misch 2015-09-20 20:42:27 -04:00
parent ac0c71228f
commit c94b65f677
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/bin/pg_dump/pg_backup_tar.c
View File

@ -371,8 +371,18 @@ tarOpen(ArchiveHandle *AH, const char *filename, char mode)
} }
else else
{ {
int old_umask;
tm = pg_calloc(1, sizeof(TAR_MEMBER)); tm = pg_calloc(1, sizeof(TAR_MEMBER));
/*
* POSIX does not require, but permits, tmpfile() to restrict file
* permissions. Given an OS crash after we write data, the filesystem
* might retain the data but forget tmpfile()'s unlink(). If so, the
* file mode protects confidentiality of the data written.
*/
old_umask = umask(S_IRWXG | S_IRWXO);
#ifndef WIN32 #ifndef WIN32
tm->tmpFH = tmpfile(); tm->tmpFH = tmpfile();
#else #else
@ -407,6 +417,8 @@ tarOpen(ArchiveHandle *AH, const char *filename, char mode)
if (tm->tmpFH == NULL) if (tm->tmpFH == NULL)
exit_horribly(modulename, "could not generate temporary file name: %s\n", strerror(errno)); exit_horribly(modulename, "could not generate temporary file name: %s\n", strerror(errno));
umask(old_umask);
#ifdef HAVE_LIBZ #ifdef HAVE_LIBZ
if (AH->compression != 0) if (AH->compression != 0)