Commit

Fix for Coverity perl5 CID 29068: Insecure temporary file (SECURE_TEMP) secure_temp: Calling mkstemp() without securely setting umask first.

The umask used for mkstemp should be secure, but umask 0600 has been
the required umask only since POSIX.1-2008.  In glibc 2.06 and earlier
the default was 0666, which is not secure.  And no explicit knowledge
of how well non-glibc platforms implement mkstemp.  Better err on the
side of security, so set the umask temporarily to 0600, and then restore it.
jhi authored and tsee committed May 28, 2014
1 parent c67159e commit 60f7fc1
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions perl.c
Expand Up @@ -3762,7 +3762,9 @@ S_open_script(pTHX_ const char *scriptname, bool dosearch, bool *suidscript)
const char * const err = "Failed to create a fake bit bucket";
if (strEQ(scriptname, BIT_BUCKET)) {
#ifdef HAS_MKSTEMP /* Hopefully mkstemp() is safe here. */
int old_umask = umask(0600);
int tmpfd = mkstemp(tmpname);
umask(old_umask);
if (tmpfd > -1) {
scriptname = tmpname;
close(tmpfd);
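Review bot: The argument in `umask(0600)` is inverted: umask() takes the permission bits to clear, so 0600 removes owner read and write and leaves the group/other bits untouched. Where mkstemp() requests mode 0600 the file ends up with mode 0000, and where it requests 0666 the file ends up 0066, the opposite of the intent. Because this hunk closes tmpfd and passes the path on through `scriptname = tmpname`, a later open by name can fail for a non-root user. Use `umask(0177)` to leave exactly owner read/write, and declare old_umask as mode_t, which is what umask() returns.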
2 changes: 2 additions & 0 deletions perlio.c
Expand Up @@ -4962,6 +4962,7 @@ PerlIO_tmpfile(void)
char tempname[] = "/tmp/PerlIO_XXXXXX";
const char * const tmpdir = TAINTING_get ? NULL : PerlEnv_getenv("TMPDIR");
SV * sv = NULL;
int old_umask = umask(0600);
/*
* I have no idea how portable mkstemp() is ... NI-S
*/
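Review bot: `int old_umask = umask(0600);` changes the process umask in the declaration block, about twenty lines before the mkstemp() call it is meant to protect, and the restore only arrives in the next hunk. Anything in between that creates a file inherits the temporary mask. Call umask() immediately before mkstemp() and restore it immediately after, as the perl.c hunk does. The mask value has the same problem as in perl.c: 0600 names the bits to clear, so the value that leaves only owner read/write is 0177.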
Expand All @@ -4983,6 +4984,7 @@ PerlIO_tmpfile(void)
sv_catpv(sv, tempname + 4);
fd = mkstemp(SvPVX(sv));
}
umask(old_umask);
if (fd >= 0) {
f = PerlIO_fdopen(fd, "w+");
if (f)
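Review bot: `umask(old_umask)` restores the mask after the closing brace, so the changed mask covers the whole block rather than the single `fd = mkstemp(SvPVX(sv));` call. The umask is per-process state, so in a threaded build other threads that create files during that span get the temporary mask too. Keep the set/restore pair tight around mkstemp(), and add a short comment saying why the mask is set (older mkstemp implementations may create the file with 0666) so the reason survives outside the commit message.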
