util: pick slightly safer open() flags when creating temporary files

diff --git a/src/shared/util.c b/src/shared/util.c
index a6e86148d1bb49d9dfb421fc079bd814a55690c8..f9cbb2073c9a535e3bb41de0f5cd828809b3ae73 100644 (file)
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -6136,7 +6136,7 @@ int mkostemp_safe(char *pattern, int flags) {
                 for (i = 0; i < 6; i++)
                         s[i] = ALPHANUMERICAL[(unsigned) s[i] % (sizeof(ALPHANUMERICAL)-1)];
 
                 for (i = 0; i < 6; i++)
                         s[i] = ALPHANUMERICAL[(unsigned) s[i] % (sizeof(ALPHANUMERICAL)-1)];
 

-                fd = open(pattern, flags|O_EXCL|O_CREAT, S_IRUSR|S_IWUSR);
+                fd = open(pattern, flags|O_EXCL|O_CREAT|O_NOCTTY|O_NOFOLLOW, S_IRUSR|S_IWUSR);

                 if (fd >= 0)
                         return fd;
                 if (!IN_SET(errno, EEXIST, EINTR))
                 if (fd >= 0)
                         return fd;
                 if (!IN_SET(errno, EEXIST, EINTR))


@@ -6153,10 +6153,13 @@ int open_tmpfile(const char *path, int flags) {
         assert(path);
 
 #ifdef O_TMPFILE
         assert(path);
 
 #ifdef O_TMPFILE

-        fd = open(path, flags|O_TMPFILE|O_NOCTTY, S_IRUSR|S_IWUSR);
+        /* Try O_TMPFILE first, if it is supported */
+        fd = open(path, flags|O_TMPFILE, S_IRUSR|S_IWUSR);

         if (fd >= 0)
                 return fd;
 #endif
         if (fd >= 0)
                 return fd;
 #endif

+
+        /* Fall back to unguessable name + unlinking */

         p = strappenda(path, "/systemd-tmp-XXXXXX");
 
         fd = mkostemp_safe(p, flags);
         p = strappenda(path, "/systemd-tmp-XXXXXX");
 
         fd = mkostemp_safe(p, flags);