[dpdk-dev] [PATCH] vhost: fix insecure temporary file

Jin Yu jin.yu at intel.com
Tue Nov 26 16:19:00 CET 2019

Previous message: [dpdk-dev] [dpdk-stable] [PATCH] net/ifc: fix unchecked return value
Next message: [dpdk-dev] [PATCH] vhost: fix insecure temporary file
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When using mkstemp(), remember to safely set the umask
before to restrict the resulting temporary file
permissions to only the owner.

Coverity issue: 350367
Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing")
Cc: stable at dpdk.org

Signed-off-by: Jin Yu <jin.yu at intel.com>
---
 lib/librte_vhost/vhost_user.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 0cfb8b792..1a68e23e3 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1342,6 +1342,7 @@ inflight_mem_alloc(const char *name, size_t size, int *fd)
 	RTE_SET_USED(name);
 #endif
 	if (mfd == -1) {
+		mode_t mask = umask(0600);
 		mfd = mkstemp(fname);
 		if (mfd == -1) {
 			RTE_LOG(ERR, VHOST_CONFIG,
@@ -1349,6 +1350,7 @@ inflight_mem_alloc(const char *name, size_t size, int *fd)
 			return NULL;
 		}
 
+		umask(mask);
 		unlink(fname);
 	}
 
-- 
2.17.2

Previous message: [dpdk-dev] [dpdk-stable] [PATCH] net/ifc: fix unchecked return value
Next message: [dpdk-dev] [PATCH] vhost: fix insecure temporary file
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list