X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fshared%2Futil.c;h=30512d16462bf5c528660a66a9ab8e10380ed402;hb=87b0284327e34a4b96c22085fa2cdb3219294991;hp=0e7d5c5fb3388e39236af01d73f73503b9ddafec;hpb=d37a91e860ce953079870bdbd2526b2c04bb9ea5;p=elogind.git
diff --git a/src/shared/util.c b/src/shared/util.c
index 0e7d5c5fb..30512d164 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -3893,7 +3893,7 @@ int fopen_temporary(const char *path, FILE **_f, char **_temp_path) {
 t[k] = '.';
 stpcpy(stpcpy(t+k+1, fn), "XXXXXX");
- fd = mkostemp(t, O_WRONLY|O_CLOEXEC);
+ fd = mkostemp_safe(t, O_WRONLY|O_CLOEXEC);
 if (fd < 0) {
 free(t);
 return -errno;
@@ -6093,33 +6093,19 @@ int getpeersec(int fd, char **ret) {
 return 0;
 }
-int writev_safe(int fd, const struct iovec *w, int j) {
- for (int i = 0; i < j; i++) {
- size_t written = 0;
-
- while (written < w[i].iov_len) {
- ssize_t r;
-
- r = write(fd, (char*) w[i].iov_base + written, w[i].iov_len - written);
- if (r < 0 && errno != -EINTR)
- return -errno;
-
- written += r;
- }
- }
-
- return 0;
-}
-
 int mkostemp_safe(char *pattern, int flags) {
 unsigned long tries = TMP_MAX;
 char *s;
 int r;
+ _cleanup_umask_ mode_t u;
 assert(pattern);
+ u = umask(077);
+
 /* This is much like like mkostemp() but avoids using any
- * static variables, thus is async signal safe */
+ * static variables, thus is async signal safe. Also, it's not
+ * subject to umask(). */
 s = endswith(pattern, "XXXXXX");
 if (!s)
@@ -6136,7 +6122,7 @@ int mkostemp_safe(char *pattern, int flags) {
 for (i = 0; i < 6; i++)
 s[i] = ALPHANUMERICAL[(unsigned) s[i] % (sizeof(ALPHANUMERICAL)-1)];
- fd = open(pattern, flags|O_EXCL|O_CREAT, S_IRUSR|S_IWUSR);
+ fd = open(pattern, flags|O_EXCL|O_CREAT|O_NOCTTY|O_NOFOLLOW, S_IRUSR|S_IWUSR);
 if (fd >= 0)
 return fd;
 if (!IN_SET(errno, EEXIST, EINTR))
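Review bot: In fopen_temporary() the error path under the new call still does `free(t); return -errno;`, but open_tmpfile() later in this patch returns mkostemp_safe()'s negative result directly, which suggests the helper reports failure through its return value rather than through errno. If so, errno here can be stale or zero, and a zero would make a failed temp-file creation look like success to the caller; free() may also disturb errno before it is read. Returning the helper's code avoids both: `free(t); return fd;`. The rest of fopen_temporary() lies outside the hunk.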
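Review bot: The `u = umask(077);` added to mkostemp_safe() changes the umask of the whole process, not just this call, so in a multi-threaded caller any file another thread creates while the retry loop runs gets the tighter mask as well; the block comment should say so. A suggested extra line for it: `* Note: umask() is process-wide; files created concurrently by other threads are affected until we return.` Separately, `u` is declared with `_cleanup_umask_` before it is assigned, and that attribute presumably restores whatever `u` holds on scope exit, so initialising at the declaration (`_cleanup_umask_ mode_t u = umask(077);`) would keep a future early return from restoring an indeterminate value. The function body continues past the hunk.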
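Review bot: The `O_NOCTTY|O_NOFOLLOW` added to the open() call in mkostemp_safe() carries no comment, and O_NOFOLLOW refuses a symlink only in the final path component; symlinks in the directory part of `pattern` are still followed. A one-line comment above the call would make that limit explicit, e.g. `/* O_NOFOLLOW guards the last component only; callers must pass a pattern inside a directory they trust */`. The retry loop this line sits in begins and ends outside the hunk.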
@@ -6147,17 +6133,22 @@ int mkostemp_safe(char *pattern, int flags) {
 }
 int open_tmpfile(const char *path, int flags) {
- int fd;
 char *p;
+ int fd;
+
+ assert(path);
 #ifdef O_TMPFILE
+ /* Try O_TMPFILE first, if it is supported */
 fd = open(path, flags|O_TMPFILE, S_IRUSR|S_IWUSR);
 if (fd >= 0)
 return fd;
 #endif
+
+ /* Fall back to unguessable name + unlinking */
 p = strappenda(path, "/systemd-tmp-XXXXXX");
- fd = mkostemp_safe(p, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(p, flags);
 if (fd < 0)
 return fd;
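Review bot: The fallback in open_tmpfile() no longer forces `O_CLOEXEC`, because `fd = mkostemp_safe(p, flags);` passes the caller's flags through where the old line hard-coded `O_RDWR|O_CLOEXEC`. A caller that omits the flag now gets a descriptor that survives exec on both paths. Callers are not visible in this diff, so this may be intended; if it is not, `fd = mkostemp_safe(p, flags|O_CLOEXEC);` keeps the previous guarantee, and the O_TMPFILE open above could OR it in the same way. Either way, a comment above the function stating that `flags` must carry a write access mode (O_TMPFILE requires O_WRONLY or O_RDWR) and whether O_CLOEXEC is the caller's job would document the contract. The function continues past the end of the hunk.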