On 11/03/2020 13.22, Rasmus Villemoes wrote:
> For something like 'mkdir -m 0700 foo', if the caller happens to have
> a permissive umask (say allowing group write via 0007 or 0002), the
> created directory will temporarily have more permissions than
> requested. That's a mild security issue.
>
> This reworks bb_make_directory() to always create both intermediate
> and the final component with 0 permissions, then chmods to the final
> value.

Urgh, please ignore this patch. While it works as advertised, it may break the case of two processes doing "mkdir -p a/b/c" and "mkdir -p a/b/d" in parallel - if b is created by the first process, but not yet chmod'ed, the second process will fail. So newly created intermediate directories must be born with at least u+wx, which means there's no way around umask fiddling :(

Rasmus
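
The constraint described in the message above, as an added example that is not part of the original thread and is not BusyBox code: intermediate directories are born with at least u+wx by adjusting the umask, and the final component is born with no more than the requested mode. The names `mkdir_p_mode` and `dir_mode` are hypothetical, and the helper assumes a single-threaded caller because umask is process-wide.

```c
#include <errno.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Permission bits of path, or (mode_t)-1 if it cannot be stat'ed. */
mode_t dir_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (st.st_mode & 07777) : (mode_t)-1;
}

/* Hypothetical helper, not bb_make_directory(): "mkdir -p -m MODE path".
 * Returns 0 on success, -1 with errno set. An existing final component
 * is reported as EEXIST so its mode is never touched. */
int mkdir_p_mode(const char *path, mode_t mode)
{
    char buf[4096];
    size_t len = strlen(path);
    int rc = 0, saved_errno = 0;

    if (len == 0 || len >= sizeof(buf)) { errno = len ? ENAMETOOLONG : ENOENT; return -1; }
    memcpy(buf, path, len + 1);
    while (len > 1 && buf[len - 1] == '/')
        buf[--len] = '\0';              /* drop trailing slashes */

    /* Intermediates: clear u+wx from the umask so each one is born with
     * (0777 & ~umask) | u+wx and a parallel "mkdir -p" can descend into it
     * at once. Assumes no other thread creates files meanwhile. */
    mode_t old = umask(0);
    umask(old & ~(mode_t)(S_IWUSR | S_IXUSR));
    for (char *p = buf + 1; *p && rc == 0; p++) {
        if (*p != '/') continue;
        *p = '\0';
        if (mkdir(buf, 0777) < 0 && errno != EEXIST) {
            rc = -1;
            saved_errno = errno;
        }
        *p = '/';
    }
    umask(old);
    if (rc < 0) { errno = saved_errno; return -1; }

    /* Final component: born with mode & ~umask, never more than requested;
     * chmod then only adds the bits the umask stripped. */
    if (mkdir(buf, mode & 0777) < 0)
        return -1;
    return chmod(buf, mode);
}
```

With a umask of 0002 and a requested mode of 0700, the final directory is 0700 from the moment it exists, while a newly created parent is 0775 and immediately usable by a concurrent process.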