[kaffe] File.createTempFile() creates files in /tmp with mode 0666!
Mark J Roberts
mjr@znex.org
Sun Mar 2 13:20:02 2003
Creating /tmp files with mode 0666 is insane. Other users should
never be able to read or write to your temp files! Case in point:
-rw-rw-r-- 1 mjr mjr 0 Mar 2 15:19 prefixF2571suffix
After the patch:
-rw------- 1 mjr mjr 0 Mar 2 15:20 prefix87783suffix
Index: libraries/clib/io/File.c
===================================================================
RCS file: /cvs/kaffe/kaffe/libraries/clib/io/File.c,v
retrieving revision 1.17
diff -u -r1.17 File.c
--- libraries/clib/io/File.c 18 Dec 1999 07:40:25 -0000 1.17
+++ libraries/clib/io/File.c 2 Mar 2003 21:17:16 -0000
@@ -319,7 +319,7 @@
}
jboolean
-java_io_File_createNewFile0(struct Hjava_io_File* this)
+java_io_File_createNewFile0(struct Hjava_io_File* this, jint mode)
{
char str[MAXPATHLEN];
int fd;
@@ -327,7 +327,7 @@
stringJava2CBuf(unhand(this)->path, str, sizeof(str));
- rc = KOPEN(str, O_EXCL|O_WRONLY|O_CREAT, 0666, &fd);
+ rc = KOPEN(str, O_EXCL|O_WRONLY|O_CREAT, mode, &fd);
switch (rc) {
case 0:
break;
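Review bot: `mode` reaches `KOPEN` exactly as the Java caller supplied it, so nothing at this call stops a later caller from passing setuid, setgid or sticky bits, or a negative `jint`. Masking at the native boundary, `rc = KOPEN(str, O_EXCL|O_WRONLY|O_CREAT, mode & 0777, &fd);`, would keep the permission bits bounded regardless of what the Java layer passes. A short comment would also help, stating that the effective permissions are still `mode & ~umask`. The same comment could note that, assuming `KOPEN` maps to open(2), `O_EXCL|O_CREAT` makes the call fail on a pre-existing file or symlink instead of opening it. The signature change that introduces `mode` is in the previous hunk, and the function body continues past the end of this one.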
Index: libraries/javalib/java/io/File.java
===================================================================
RCS file: /cvs/kaffe/kaffe/libraries/javalib/java/io/File.java,v
retrieving revision 1.30
diff -u -r1.30 File.java
--- libraries/javalib/java/io/File.java 21 Nov 2002 21:57:24 -0000 1.30
+++ libraries/javalib/java/io/File.java 2 Mar 2003 21:17:17 -0000
@@ -117,7 +117,9 @@
File f = new File(dir, prefix
+ Integer.toHexString(
random.nextInt(0x100000)).toUpperCase() + suffix);
- if (f.createNewFile())
+
+ f.checkWriteAccess();
+ if (f.createNewFile0(0600))
return f;
}
}
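Review bot: The temp-file name is still derived from `random.nextInt(0x100000)`, which gives only about a million candidates, and neither the type nor the seeding of `random` is visible in this hunk. The exclusive create on the native side means a name that already exists produces a failed create rather than a shared file. The 0600 mode fixes the permission exposure, but the small name space still lets pre-existing entries in a shared directory force repeated retries. A follow-up could draw the name from `java.security.SecureRandom` over a wider range, for example `Long.toHexString(secureRandom.nextLong())` with `secureRandom` as a new, hypothetical field. The enclosing loop and method start outside the hunk, so whether the retry loop is bounded cannot be confirmed from here.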
@@ -387,10 +389,10 @@
public boolean createNewFile() throws IOException {
checkWriteAccess();
- return createNewFile0();
+ return createNewFile0(0666);
}
-native private boolean createNewFile0() throws IOException;
+native private boolean createNewFile0(int mode) throws IOException;
public boolean setLastModified(long time) {
checkWriteAccess();
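Review bot: The octal literals `0666` here and `0600` in `createTempFile` are unexplained, and a later edit that drops the leading zero would silently change them to decimal values. Named constants such as `private static final int MODE_DEFAULT = 0666;` and `private static final int MODE_OWNER_ONLY = 0600;` would make the intent explicit. `createNewFile0(int mode)` should also carry a comment saying that `mode` is a POSIX permission mask passed to the native open and that the process umask reduces it further. That is presumably why the "before" listing in the description shows `-rw-rw-r--` rather than 0666. The comment should also record that `createNewFile()` deliberately stays umask-governed while temp files are forced to owner-only, so the two call sites are not "unified" later.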