Bug 86097

Summary: Fopen hardcodes 0666 as mode
Product: [Retired] Red Hat Linux
Component: rpm
Version: 7.3
Hardware: All
OS: Linux
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Keywords: Security
Reporter: William Au <billa>
Assignee: Jeff Johnson <jbj>
QA Contact: Mike McLean <mikem>
Doc Type: Bug Fix
Last Closed: 2003-03-14 20:44:04 UTC

Description William Au 2003-03-13 21:34:33 UTC
Description of problem: 

Fopen hardcodes 0666 as mode.  So during an rpm install, the files created
will have a mode of 666 and thus can be overwritten by anyone on the system
until chmod() is called.


Comment 1 Jeff Johnson 2003-03-14 20:44:04 UTC
No, files are created 0666 iff umask is 000, and that's
a configuration choice and/or problem.

Fopen calls open(2), and the mode passed to the system call
is adjusted by the current umask, typically 022, resulting
in mode 0644 for newly created files.
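
The umask arithmetic described in Comment 1, as an added example that is not part of the original report and is not rpm's code: it creates a scratch file with open(2) under a chosen umask and reports the permission bits the file actually received. The helper name `created_mode` and the `/tmp/umask-demo-*` path are assumptions made for the illustration; the last call in `main` goes one step beyond the thread and shows that a 0600 request stays owner-only even when the umask is 000.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a fresh file with open(2) under the given umask and return the
 * permission bits it actually received, or (mode_t)-1 on error.
 * created_mode() is a hypothetical helper written for this example. */
mode_t created_mode(mode_t mask, mode_t requested)
{
    char path[64];
    struct stat st;
    mode_t result = (mode_t)-1;

    /* Constructed scratch path; O_EXCL below refuses a pre-existing file
     * or symlink at this name instead of following it. */
    snprintf(path, sizeof path, "/tmp/umask-demo-%ld", (long)getpid());

    mode_t saved = umask(mask);      /* umask is process-wide state */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(saved);                    /* restore before doing anything else */

    if (fd < 0)
        return result;
    if (fstat(fd, &st) == 0)
        result = st.st_mode & 0777;  /* effective mode = requested & ~umask */
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* Typical umask: a 0666 request yields 0644. */
    printf("umask 022, request 0666 -> %04o\n", (unsigned)created_mode(022, 0666));
    /* umask 000: the 0666 request is applied unchanged (the reported case). */
    printf("umask 000, request 0666 -> %04o\n", (unsigned)created_mode(000, 0666));
    /* A restrictive request does not depend on the umask being sane. */
    printf("umask 000, request 0600 -> %04o\n", (unsigned)created_mode(000, 0600));
    return 0;
}
```
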