From 60f7fc1ea42054e92f34b4ce9d608efd14357392 Mon Sep 17 00:00:00 2001 From: Jarkko Hietaniemi Date: Thu, 24 Apr 2014 12:23:18 -0400 Subject: [PATCH] Fix for Coverity perl5 CID 29068: Insecure temporary file (SECURE_TEMP) secure_temp: Calling mkstemp() without securely setting umask first. The umask used for mkstemp should be secure, but umask 0600 has been the required umask only since POSIX.1-2008. In glibc 2.06 and earlier the default was 0666, which is not secure. And no explicit knowledge of how well non-glibc platforms implement mkstemp. Better err on the side security, so set the umask temporarily to 0600, and then restore it.
---
 perl.c | 2 ++
 perlio.c | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/perl.c b/perl.c
index 86fb8d9c4be9..51deabde79d5 100644
--- a/perl.c
+++ b/perl.c
@@ -3762,7 +3762,9 @@ S_open_script(pTHX_ const char *scriptname, bool dosearch, bool *suidscript)
 const char * const err = "Failed to create a fake bit bucket";
 if (strEQ(scriptname, BIT_BUCKET)) {
 #ifdef HAS_MKSTEMP /* Hopefully mkstemp() is safe here. */
+ int old_umask = umask(0600);
 int tmpfd = mkstemp(tmpname);
+ umask(old_umask);
 if (tmpfd > -1) {
 scriptname = tmpname;
 close(tmpfd);
diff --git a/perlio.c b/perlio.c
index d4c43d091e66..f110759c56e7 100644
--- a/perlio.c
+++ b/perlio.c
@@ -4962,6 +4962,7 @@ PerlIO_tmpfile(void)
 char tempname[] = "/tmp/PerlIO_XXXXXX";
 const char * const tmpdir = TAINTING_get ? NULL : PerlEnv_getenv("TMPDIR");
 SV * sv = NULL;
+ int old_umask = umask(0600);
 /*
 * I have no idea how portable mkstemp() is ... NI-S
 */
@@ -4983,6 +4984,7 @@ PerlIO_tmpfile(void)
 sv_catpv(sv, tempname + 4);
 fd = mkstemp(SvPVX(sv));
 }
+ umask(old_umask);
 if (fd >= 0) {
 f = PerlIO_fdopen(fd, "w+");
 if (f)
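Review bot: `umask(0600)` in the perl.c hunk (S_open_script) passes a file mode where a mask is expected: umask() names the permission bits to clear, so 0600 removes the owner's read/write bits and leaves the group/other bits alone. Where mkstemp() creates the file with 0666 the result is 0066, and where it creates it with 0600 the result is 0000, which presumably breaks the later open by name after `scriptname = tmpname; close(tmpfd);` for a non-root user. The mask that yields an owner-only file is `int old_umask = umask(0177);`, and the same value is needed at `int old_umask = umask(0600);` in the first perlio.c hunk (PerlIO_tmpfile). The commit message's "umask 0600" has the same mode/mask mix-up. S_open_script's body continues outside the hunk.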
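Review bot: In the first perlio.c hunk the mask is changed at the declaration of `old_umask` at the top of PerlIO_tmpfile and is only restored by `umask(old_umask);` in the following hunk, so it stays in effect across all the code between the two hunks, which is not visible here. umask is process-wide, so in a threaded build any file another thread creates in that window gets the temporary mask, and any early exit between the two lines would leave it altered. I would declare `old_umask` without a side effect and set the mask immediately before each mkstemp() call, restoring it immediately after, as the perl.c hunk does. A comment such as `/* owner-only temp file; umask is process-wide, keep this window minimal */` at that spot would record why. PerlIO_tmpfile's body starts before and ends after these hunks.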