devilhorns pushed a commit to branch master. http://git.enlightenment.org/core/efl.git/commit/?id=ee720592196a3b5649a67f3dc80ebb1ce1992c99
commit ee720592196a3b5649a67f3dc80ebb1ce1992c99 Author: Chris Michael <[email protected]> Date: Fri Jul 8 08:48:27 2016 -0400 elput: Fix insecure temporary file Fix using mkstemp directly without securely setting umask first by making use of eina_file_mkstemp which does set unmask. Fixes Coverity CID1357165 @fix Signed-off-by: Chris Michael <[email protected]> --- src/lib/elput/elput_evdev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/elput/elput_evdev.c b/src/lib/elput/elput_evdev.c index 8704a2e..53279c9 100644 --- a/src/lib/elput/elput_evdev.c +++ b/src/lib/elput/elput_evdev.c @@ -79,7 +79,8 @@ _keyboard_fd_get(off_t size) else return -1; - if ((fd = mkstemp(tmp)) < 0) return -1; + fd = eina_file_mkstemp(tmp, NULL); + if (fd < 0) return -1; flags = fcntl(fd, F_GETFD); if (flags < 0) --
