https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66011
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org,
| |redi at gcc dot gnu.org
--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
CloseFD out = { ::open(to.c_str(), O_WRONLY|O_CREAT) };
indeed looks like a bug to me, for O_CREAT one needs to use 3 argument ::open,
to specify mode. It is true that there is later on a fchmodat or chmod, but
that still leaves the permissions in between the open and chmod as random.
Either it should be ::open(to.c_str(), O_WRONLY|O_CREAT, from_st->st_mode) ,
or perhaps say from_st->st_mode & S_IRWXU, etc. so that you don't expose the
file content while it is still incomplete to other users, or just S_IWUSR so
that owner can write and nothing else.
