flashrom: set umask before creating temporary files
Good security practice. Set to 077; resultant file permissions are:
-rw-------
BUG=b:160717634
BRANCH=none
TEST=unit tests
Change-Id: Ib3b853c824be4c98e7b9ddd31797104ec4ab67a9
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2302962
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
diff --git a/futility/updater_utils.c b/futility/updater_utils.c
index 6e2d358..e87094b 100644
--- a/futility/updater_utils.c
+++ b/futility/updater_utils.c
@@ -7,6 +7,8 @@
#include <assert.h>
#include <limits.h>
+#include <sys/stat.h>
+#include <sys/types.h>
#include <unistd.h>
#include "2common.h"
@@ -697,8 +699,12 @@
struct tempfile *new_temp;
char new_path[] = P_tmpdir "/fwupdater.XXXXXX";
int fd;
+ mode_t umask_save;
+ /* Set the umask before mkstemp for security considerations. */
+ umask_save = umask(077);
fd = mkstemp(new_path);
+ umask(umask_save);
if (fd < 0) {
ERROR("Failed to create new temp file in %s\n", new_path);
return NULL;
diff --git a/host/lib/flashrom.c b/host/lib/flashrom.c
index 10a5fa8..b1647ae 100644
--- a/host/lib/flashrom.c
+++ b/host/lib/flashrom.c
@@ -13,6 +13,8 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
#include <unistd.h>
#include "2api.h"
@@ -43,11 +45,15 @@
ssize_t write_rv;
vb2_error_t rv;
char *path;
+ mode_t umask_save;
*path_out = NULL;
path = strdup(P_tmpdir "/vb2_flashrom.XXXXXX");
+ /* Set the umask before mkstemp for security considerations. */
+ umask_save = umask(077);
fd = mkstemp(path);
+ umask(umask_save);
if (fd < 0) {
rv = VB2_ERROR_WRITE_FILE_OPEN;
goto fail;
