From 3537565eeccc9ff363efac18a7c4e7460aacd30a Mon Sep 17 00:00:00 2001 From: Kaz Kylheku Date: Tue, 26 Mar 2019 06:04:57 -0700 Subject: listener: ensure history and temp files are rw-------. For security, the temporary files used by the "edit in external editor" feature of the listener, as well as the listener history file, should be readable and writable only to the owner. This relates to Debian bug 832460 against the Linenoise library: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460 In the TXR fork of the linenoise library, since we have an OS abstraction invoked by callback functions, we fix this entirely outside of linenoise. I don't agree with the upstream approach of fiddling with the umask and doing a chmod on the path. Since we are truncating and overwriting the file, all we have to do is, before writing any data, fchmod it to the required permissions. * parser.c (lino_open): If the file is being open for overwriting, then let's set its permissions so that it's readable and writable for the user only. --- parser.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/parser.c b/parser.c index 2710a1e3..0d526ba5 100644 --- a/parser.c +++ b/parser.c @@ -41,6 +41,9 @@ #ifdef __CYGWIN__ #include #endif +#if HAVE_SYS_STAT +#include +#endif #include "lib.h" #include "signal.h" #include "unwind.h" @@ -1520,11 +1523,15 @@ static mem_t *lino_open(const wchar_t *name_in, lino_file_mode_t mode_in) { val name = string(name_in); val mode = static_str(lino_mode_str[mode_in]); - mem_t *ret = 0; + val ret = 0; ignerr_begin; - ret = coerce(mem_t *, open_file(name, mode)); + ret = open_file(name, mode); +#if HAVE_CHMOD + if (mode_in == lino_overwrite) + (void) fchmod(c_num(stream_fd(ret)), S_IRUSR | S_IWUSR); +#endif ignerr_end; - return ret; + return coerce(mem_t *, ret); } static mem_t *lino_open8(const char *name_in, lino_file_mode_t mode_in) -- cgit v1.2.3