Because mkstemp() creates a file with mode 0600, only the user doing the commit (typically root) will be allowed to inspect the content of the file after uci commit.
Signed-off-by: Alin Nastac <alin.nas...@gmail.com>
---
 file.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/file.c b/file.c
index 3ac49c6..6486de9 100644
--- a/file.c
+++ b/file.c
@@ -724,6 +724,7 @@ static void uci_file_commit(struct uci_context *ctx, struct uci_package **packag
 char *volatile name = NULL;
 char *volatile path = NULL;
 char *filename = NULL;
+ struct stat statbuf;
 volatile bool do_rename = false;
 int fd;
@@ -801,7 +802,7 @@ done:
 uci_close_stream(f1);
 if (do_rename) {
 path = realpath(p->path, NULL);
- if (!path || rename(filename, path)) {
+ if (!path || stat(path, &statbuf) || chmod(filename, statbuf.st_mode) || rename(filename, path)) {
 unlink(filename);
 UCI_THROW(ctx, UCI_ERR_IO);
 }
--
2.7.4
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
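Review bot: In the second hunk, `chmod(filename, statbuf.st_mode)` passes the old file's whole `st_mode`, so the file-type bits and any setuid/setgid/sticky bits go to chmod() along with the permission bits; masking it, `chmod(filename, statbuf.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO))`, limits the copy to the read/write/execute permissions the commit message is about. Only the mode is carried over, not the owner or group, so a config that was readable through its group before the commit may no longer be afterwards; if that case matters, the old `st_uid`/`st_gid` would have to be applied to the temporary file as well. Both calls work on path names rather than on the descriptor returned by mkstemp(); whether `fd` is still open at `done:` cannot be told from here, because the body of uci_file_commit starts and ends outside the hunk. A one-line comment above the condition, such as `/* temp file stays 0600 until just before rename(); then take over the old file's permissions */`, would record why the chmod sits at this point.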