Bug 112516
| Summary: | zip creates insecure temporary files | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Need Real Name <lsof> | ||||
| Component: | zip | Assignee: | Lon Hohberger <lhh> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 9 | CC: | mitr | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2004-04-19 14:21:57 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 96665 [details]
Change umask prior to temporary file creation
The files are created with the umask from the user's environment.
e.g. Typing "umask 0066" at the command line will alter this and all other
programs' file creation behavior.
I will include this fix for temporary file creation in the next build in
rawhide.
Package built; will appear in rawhide (zip-2.3-19) - waiting for rawhide push prior to closing. zip-2.3-20 is in rawhide. Closing. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 Description of problem: zip can be used with the -t switch to specify a location for the temporary file it creates. The man page gives the following example: -b path Use the specified path for the temporary zip archive. For example: zip -b /tmp stuff * Unfortunately, zip creates a temporary file with world readable permissions: [not-root@host dir]$ ls -trlah /tmp/ -rw-r--r-- 1 root root 219M Dec 22 00:40 ziK2Os4N Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. zip -b /tmp/ -r something.zip folder/ 2. ls -trlah /tmp/ Additional info: