reassign 810924 perl retitle 810924 Upstream umask/mode confusion causes IO::File->new_tmpfile mode regression thanks
Niko and Dominic, I am reassigning this bug to perl as I think the underlying cause is an upstream bug in 5.22.1 which has just appeared in testing. I have also queued a workaround for apt-cacher. In perl 5.22.1 IO::File->new_tmpfile returns a file with mode 0000. Trying to reopen this within the same process then fails with permission denied. In perl versions prior to this the temporary file has mode 0600. I think the upstream commit that has caused the change in behaviour is http://perl5.git.perl.org/perl.git/commitdiff/60f7fc1ea42054e92f34b4ce9d608efd14357392 It looks as if the intention of the commit was to secure calls to mkstemp(3) by ensuring a sufficiently tight umask. However the commit confuses umask and mode and temporarily sets the *umask* to 0600. mkstemp(3) then creates the new file with *mode* 0600 and the combination of 0600 & ~0600 produces the observed mode 0000. Surely the correct temporary umask to achieve security should be 0077 or 0177? Many thanks. Best wishes Mark
