Depending on the system, mkstemp might create the scratch files with 0666
permission (e.g. glibc <= 2.06); for security reasons, it should use
0600. Thus, one is supposed to set a umask before calling the function
(see, e.g., the Linux man page for mkstemp).

Built and regtested on x86-64-linux.
OK for the trunk? Is this something one should backport to the branches?

Tobias

2012-10-10 Tobias Burnus <bur...@net-b.de>

PR fortran/54878
* io/unix.c (tempfile_open): Set umask before calling mkstemp.

diff --git a/libgfortran/io/unix.c b/libgfortran/io/unix.c
index 805d4bb..713d54c 100644
--- a/libgfortran/io/unix.c
+++ b/libgfortran/io/unix.c
@@ -1051,6 +1051,9 @@ tempfile_open (const char *tempdir, char **fname)
{
int fd;
const char *slash = "/";
+#if defined(HAVE_UMASK) && defined(HAVE_MKSTEMP)
+ mode_t mode_mask;
+#endif
if (!tempdir)
return -1;
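Review bot: the guard on the mode_mask declaration, defined(HAVE_UMASK) && defined(HAVE_MKSTEMP), is not the same as the plain #ifdef HAVE_UMASK on the two umask calls that use it. The two agree only because those calls sit before the "#else /* HAVE_MKSTEMP */" line, that is, inside the mkstemp branch. A one-line comment on the declaration saying that it is used only in the mkstemp path would keep the guards from drifting apart if the fallback path is later changed to use umask as well.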
@@ -1072,8 +1075,17 @@ tempfile_open (const char *tempdir, char **fname)
snprintf (template, tempdirlen + 23, "%s%sgfortrantmpXXXXXX",
tempdir, slash);
+#ifdef HAVE_UMASK
+ /* Temporarily set the umask such that the file has 0600 permissions. */
+ mode_mask = umask (S_IXUSR | S_IRWXG | S_IRWXO);
+#endif
+
fd = mkstemp (template);
+#ifdef HAVE_UMASK
+ (void) umask (mode_mask);
+#endif
+
#else /* HAVE_MKSTEMP */
fd = -1;
int count = 0;
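Review bot: umask is a process-wide setting, so between "mode_mask = umask (S_IXUSR | S_IRWXG | S_IRWXO);" and "(void) umask (mode_mask);" any other thread that creates a file gets the restrictive mask too, and a concurrent umask call from another thread can be overwritten by the restore. Please say in the comment above the first call that the window is deliberately limited to the single mkstemp call and that the change is not thread-safe, so nobody later moves more code between the two calls. Also worth confirming that the fallback branch starting at "#else /* HAVE_MKSTEMP */", which this hunk leaves untouched, creates its file with an explicit owner-only mode, since the umask change does not cover it.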