[kaffe] File.createTempFile() creates files in /tmp with mode 0666!

Mark J Roberts mjr@znex.org
Sun Mar 2 13:20:02 2003


Creating /tmp files with mode 0666 is insane. Other users should
never be able to read or write to your temp files! Case in point:

-rw-rw-r--    1 mjr      mjr             0 Mar  2 15:19 prefixF2571suffix

After the patch:

-rw-------    1 mjr      mjr             0 Mar  2 15:20 prefix87783suffix

Index: libraries/clib/io/File.c
===================================================================
RCS file: /cvs/kaffe/kaffe/libraries/clib/io/File.c,v
retrieving revision 1.17
diff -u -r1.17 File.c
--- libraries/clib/io/File.c	18 Dec 1999 07:40:25 -0000	1.17
+++ libraries/clib/io/File.c	2 Mar 2003 21:17:16 -0000
@@ -319,7 +319,7 @@
 }
 
 jboolean
-java_io_File_createNewFile0(struct Hjava_io_File* this)
+java_io_File_createNewFile0(struct Hjava_io_File* this, jint mode)
 {
 	char str[MAXPATHLEN];
 	int fd;
@@ -327,7 +327,7 @@
 
 	stringJava2CBuf(unhand(this)->path, str, sizeof(str));
 
-	rc = KOPEN(str, O_EXCL|O_WRONLY|O_CREAT, 0666, &fd);
+	rc = KOPEN(str, O_EXCL|O_WRONLY|O_CREAT, mode, &fd);
 	switch (rc) {
 	case 0:
 		break;
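Review bot: `mode` reaches KOPEN unchecked, so whatever integer the Java side passes becomes the creation mode, including bits outside the nine permission bits. Both callers in this patch pass constants (0600 and 0666), so this is hardening rather than a live bug. Masking at the call, `rc = KOPEN(str, O_EXCL|O_WRONLY|O_CREAT, mode & 0777, &fd);`, would stop a later caller from ever requesting setuid, setgid or sticky bits through this native. A short comment above the call, such as `/* mode is further restricted by the process umask */`, would also record why the resulting file can be tighter than requested. The function signature is in the previous hunk and the body continues past this one.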
Index: libraries/javalib/java/io/File.java
===================================================================
RCS file: /cvs/kaffe/kaffe/libraries/javalib/java/io/File.java,v
retrieving revision 1.30
diff -u -r1.30 File.java
--- libraries/javalib/java/io/File.java	21 Nov 2002 21:57:24 -0000	1.30
+++ libraries/javalib/java/io/File.java	2 Mar 2003 21:17:17 -0000
@@ -117,7 +117,9 @@
 		File f = new File(dir, prefix
 		    + Integer.toHexString(
 			random.nextInt(0x100000)).toUpperCase() + suffix);
-		if (f.createNewFile())
+
+		f.checkWriteAccess();
+		if (f.createNewFile0(0600))
 			return f;
 	}
 }
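Review bot: The bare octal literal in `f.createNewFile0(0600)` is the whole security fix, so it deserves a name and a comment, for example `private static final int TEMP_FILE_MODE = 0600; // owner read/write only` declared on the class and used here. The comment should also say that protection against a pre-existing file comes from the O_EXCL open in the native code, because the name itself carries only 20 bits from `random.nextInt(0x100000)`. Whether `random` is a `SecureRandom` is not visible in this hunk. The explicit `f.checkWriteAccess()` correctly preserves the check that `createNewFile()` used to perform, and a one-line comment saying so would keep it from being removed as redundant. The enclosing method starts before the hunk.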
@@ -387,10 +389,10 @@
 
 public boolean createNewFile() throws IOException {
 	checkWriteAccess();
-	return createNewFile0();
+	return createNewFile0(0666);
 }
 
-native private boolean createNewFile0() throws IOException;
+native private boolean createNewFile0(int mode) throws IOException;
 
 public boolean setLastModified(long time) {
 	checkWriteAccess();
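Review bot: `createNewFile()` still requests 0666, so the permissions of ordinary files are decided entirely by the process umask. The "before" listing in the description shows this: the file is 0664, not 0666. That is the conventional choice, but it is undocumented, and a comment on the call would help, such as `// 0666 is filtered by the process umask; createTempFile() requests owner-only 0600`. The `createNewFile0(int mode)` declaration also needs a Javadoc line stating that `mode` is a POSIX permission mask. If any non-POSIX port of the native ignores the argument, which cannot be told from this patch, the Javadoc should say that too.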