[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

permission of files created by rpm install



I did a strace on a rpm install command.  I discovered that
it use a mode of 0666 to write the files initially.

open("/var/temp/testfile;3e70df2d", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 10

It then calls rename(), chmod(), and utime() after writing the files.
It looks like this is hard-coded into rpmio/rpmio.c. Isn't this a security hole?
The content of the file can be replaced by anyone on the system before
chmod() is called.


Bill





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []