[news.sysadmin] sort creates readable files in /usr/tmp

wendt@arizona.edu (Alan Lee Wendt) (11/08/88)

Apropos of security, Berkeley sort creates readable temp files
in /usr/tmp, due to non-intuitive behavior in fopen, which
when it creates new files always does it with 0666 permissions.
The fix is to do the creat manually in the newfile() routine
before calling fopen.  If you have a binary-only system, change
your umask before sorting.

Alan W.

henry@utzoo.uucp (Henry Spencer) (11/10/88)

In article <7739@megaron.arizona.edu> wendt@arizona.edu (Alan Lee Wendt) writes:
>Apropos of security, Berkeley sort creates readable temp files
>in /usr/tmp, due to non-intuitive behavior in fopen, which
>when it creates new files always does it with 0666 permissions.
>The fix is to do the creat manually in the newfile() routine
>before calling fopen...

A cleaner and possibly somewhat more portable fix is to change umask
for the fopen call, saving and restoring it if necessary.
-- 
The Earth is our mother.        |    Henry Spencer at U of Toronto Zoology
Our nine months are up.         |uunet!attcan!utzoo!henry henry@zoo.toronto.edu