mirror of https://github.com/RGBCube/uutils-coreutils synced 2025-07-28 03:27:44 +00:00

Merge pull request #7617 from MidnightRocket/mktemp/prevent-race-condition-tempdir-permissions

mktemp: Prevent race condition when setting permissions for tempdir
Sylvestre Ledru 2025-04-09 07:04:33 -04:00 committed by GitHub
commit 9cb4348a55
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -458,12 +458,18 @@ fn dry_exec(tmpdir: &Path, prefix: &str, rand: usize, suffix: &str) -> UResult<P
fn make_temp_dir(dir: &Path, prefix: &str, rand: usize, suffix: &str) -> UResult<PathBuf> { fn make_temp_dir(dir: &Path, prefix: &str, rand: usize, suffix: &str) -> UResult<PathBuf> {
let mut builder = Builder::new(); let mut builder = Builder::new();
builder.prefix(prefix).rand_bytes(rand).suffix(suffix); builder.prefix(prefix).rand_bytes(rand).suffix(suffix);
// On *nix platforms grant read-write-execute for owner only.
// The directory is created with these permission at creation time, using mkdir(3) syscall.
// This is not relevant on Windows systems. See: https://docs.rs/tempfile/latest/tempfile/#security
// `fs` is not imported on Windows anyways.
#[cfg(not(windows))]
builder.permissions(fs::Permissions::from_mode(0o700));
match builder.tempdir_in(dir) { match builder.tempdir_in(dir) {
Ok(d) => { Ok(d) => {
// `into_path` consumes the TempDir without removing it // `into_path` consumes the TempDir without removing it
let path = d.into_path(); let path = d.into_path();
#[cfg(not(windows))]
fs::set_permissions(&path, fs::Permissions::from_mode(0o700))?;
Ok(path) Ok(path)
} }
Err(e) if e.kind() == ErrorKind::NotFound => { Err(e) if e.kind() == ErrorKind::NotFound => {
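Review bot: The comment added above `builder.permissions(fs::Permissions::from_mode(0o700))` calls mkdir(3) a syscall and leaves out the umask. The system call is mkdir(2), and the mode passed at creation is filtered by the process umask, so 0o700 is an upper bound rather than the exact resulting mode. The removed `fs::set_permissions` call forced exactly 0o700 after creation; the new path can yield a narrower mode under a restrictive umask, though never a wider one, which is the property that closes the window. I would reword the comment along the lines of `// Created with mode 0o700 at mkdir(2) time (umask may restrict it further), so the directory never exists with wider permissions.` and fix "these permission" to "these permissions". The body of make_temp_dir continues past the end of this hunk, so the remaining error arms are not reviewed here.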