Hi, here is a patch to limit the file modes to u+rw for temp. downloaded files.
Not sure if your proof of concept still works or not - but it seems a good thing anyways. Regards, Tim
From 5de996a94f74a31132660238e3b11fd0e29c18fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim Rühsen?= <tim.rueh...@gmx.de>
Date: Sun, 14 Aug 2016 21:04:58 +0200
Subject: [PATCH] Limit file mode to u=rw on temp. downloaded files
* bootstrap.conf: Add gnulib modules fopen, open.
* src/http.c (open_output_stream): Limit file mode to u=rw
on temp. downloaded files.
Reported-by: "Misra, Deapesh" <dmi...@verisign.com>
---
bootstrap.conf | 2 ++
src/http.c | 13 ++++++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/bootstrap.conf b/bootstrap.conf
index 2b225b7..d9a5f90 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -40,6 +40,7 @@ dirname
fcntl
flock
fnmatch
+fopen
futimens
ftello
getaddrinfo
@@ -71,6 +72,7 @@ crypto/md5
crypto/sha1
crypto/sha256
crypto/sha512
+open
quote
quotearg
recv
diff --git a/src/http.c b/src/http.c
index 56b8669..d463f29 100644
--- a/src/http.c
+++ b/src/http.c
@@ -39,6 +39,7 @@ as that of the covered work. */
#include <errno.h>
#include <time.h>
#include <locale.h>
+#include <fcntl.h>
#include "hash.h"
#include "http.h"
@@ -2471,7 +2472,17 @@ open_output_stream (struct http_stat *hs, int count, FILE **fp)
open_id = 22;
*fp = fopen (hs->local_file, "wb", FOPEN_OPT_ARGS);
#else /* def __VMS */
- *fp = fopen (hs->local_file, "wb");
+ if (opt.delete_after
+ || opt.spider /* opt.recursive is implicitely true */
+ || !acceptable (hs->local_file))
+ {
+ *fp = fdopen (open (hs->local_file, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR), "wb");
+ }
+ else
+ {
+ *fp = fopen (hs->local_file, "wb");
+ }
+
#endif /* def __VMS [else] */
}
else
--
2.8.1
signature.asc
Description: This is a digitally signed message part.
