Re: [minor] umask 400 causes here-{doc,string} failure

From Martijn Dekker <martijn@inlv.org>
Newsgroups gnu.bash.bug
Subject Re: [minor] umask 400 causes here-{doc,string} failure
Date 2018-10-28 22:05 +0000
Message-ID <mailman.2970.1540764342.1284.bug-bash@gnu.org>
References <20180311151742.GB6450@chaz.gmail.com> <d86f6764-bc53-834b-0ce2-ad3155e108a8@iki.fi>


On 11-03-18 at 17:31, Ilkka Virta wrote:
> On 11.3. 17:17, Stephane Chazelas wrote:
>> $ bash -c 'umask 400; cat <<< test'
>> bash: cannot create temp file for here-document: Permission denied
> 
>> Those shells use temporary files to store the content of the
>> here-documents as the Bourne shell initially did, and open them
>> in read-only mode to make it cat's stdin.
>>
>> When umask contains the 0400 bit, the file is created without
>> read permission to the user, hence the error upon that second
>> open().
>> I can think of several ways to address it:
>>
>> 1- do nothing and blame the user
>> 2- open the file only once for both
>> writing the content and making it the command's stdin
>> 3. use a pipe instead of a temp file
>> 4. Reset the umask temporarily to 077
> 
> One more came to mind:
> 
> 5. manually chmod() the tempfile to 0400 or 0600 if the open() for 
> reading fails with EACCES, and then retry. Should be doable with a 
> localized change to that particular error condition, without changing 
> the overall behaviour.

Unless I'm missing something, there should be no reason for an internal 
temp file to have any permissions other than 0600 (user 
readable/writable), so it seems to me that an fchmod call straight after 
creating the file and before returning the fd is the simplest way of 
fixing the bug; this makes the permissions of internal temp files 
entirely independent of the umask.

diff --git a/lib/sh/tmpfile.c b/lib/sh/tmpfile.c
index e41e45b..1805cdf 100644
--- a/lib/sh/tmpfile.c
+++ b/lib/sh/tmpfile.c
@@ -203,7 +203,6 @@ sh_mktmpfd (nameroot, flags, namep)
      }
    if (namep)
      *namep = filename;
-  return fd;
  #else /* !USE_MKSTEMP */
    sh_seedrand ();
    do
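Review bot: dropping `return fd;` at the end of the USE_MKSTEMP branch makes every path out of that branch fall through to the shared tail after the #endif, and the hunk does not show whether the error block closed by the `}` above returns on its own. If fd can still be negative at this point, the fchmod() added below is called on an invalid descriptor and overwrites errno with EBADF before the caller can report the original failure; guarding the shared tail with `if (fd >= 0)` would avoid that.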
@@ -224,8 +223,9 @@ sh_mktmpfd (nameroot, flags, namep)
    else
      free (filename);

-  return fd;
  #endif /* !USE_MKSTEMP */
+  fchmod(fd, S_IRUSR | S_IWUSR);
+  return fd;
  }

  FILE *
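Review bot: the added `fchmod(fd, S_IRUSR | S_IWUSR);` ignores its return value, so if the call fails the file keeps its umask-derived mode and the later read-only open fails exactly as before, with nothing pointing at the cause; check the result and treat a failure like a failed create. Two smaller points on the same line: the surrounding code puts a space before the parenthesis (`sh_seedrand ();`, `free (filename);`), so this should read `fchmod (fd, ...)`, and neither hunk shows <sys/stat.h> being included for S_IRUSR and S_IWUSR, which is worth confirming. A one-line comment saying that the mode is forced so it no longer depends on the umask would also help.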

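The failure described in this thread and the effect of the proposed fchmod() call, as an added example that is not part of the original post and is not bash source code. The function name `heredoc_tmpfile`, the `struct result` type and the `/tmp/heredoc-demo-XXXXXX` template are assumptions made for the demo.

```c
/* Added example: constructed demo of the report, not bash source. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct result {
    mode_t mode;    /* permission bits of the temp file once created */
    int reopen_ok;  /* 1 if the second, read-only open() succeeded */
};

/* Create a temp file under `mask`, optionally fchmod() it to 0600 as the
   patch proposes, then reopen it read-only the way a here-doc is fed. */
struct result heredoc_tmpfile(mode_t mask, int apply_fix)
{
    struct result r = { 0, 0 };
    char path[] = "/tmp/heredoc-demo-XXXXXX";   /* assumed location */
    struct stat st;
    mode_t old = umask(mask);
    int fd = mkstemp(path);     /* requests 0600; the umask still applies */

    umask(old);                 /* restore the caller's umask */
    if (fd < 0)
        return r;
    if (apply_fix && fchmod(fd, S_IRUSR | S_IWUSR) < 0)
        perror("fchmod");
    if (fstat(fd, &st) == 0)
        r.mode = st.st_mode & 0777;
    if (write(fd, "test\n", 5) != 5)
        perror("write");
    close(fd);
    fd = open(path, O_RDONLY);  /* the second open() from the report */
    r.reopen_ok = (fd >= 0);    /* note: root bypasses the mode check */
    if (fd >= 0)
        close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    struct result bad = heredoc_tmpfile(0400, 0);
    struct result good = heredoc_tmpfile(0400, 1);
    printf("no fchmod: mode %04o, reopen ok=%d\n", (unsigned)bad.mode, bad.reopen_ok);
    printf("fchmod:    mode %04o, reopen ok=%d\n", (unsigned)good.mode, good.reopen_ok);
    return 0;
}
```

Run as an unprivileged user, the first case leaves the file at mode 0200 and the read-only reopen fails with EACCES; as root the reopen succeeds regardless of the mode, which is why the mode bits are reported separately.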