Fix insecure tempfile handling

Reviewed by: audit@freebsd.org
author: kris <kris@FreeBSD.org> 2000-01-16 21:08:58 +0000
committer: kris <kris@FreeBSD.org> 2000-01-16 21:08:58 +0000
commit: 9861a8004bb87d233aa436f493dbcff888738257 (patch)
tree: 797b9812eb092c787932ab5f3182734e0147abe0 /sbin/ldconfig
parent: fb35998cf918637e001eab3ebc4e918f7e74f437 (diff)
download: FreeBSD-src-9861a8004bb87d233aa436f493dbcff888738257.zip
FreeBSD-src-9861a8004bb87d233aa436f493dbcff888738257.tar.gz
1 files changed, 4 insertions, 8 deletions
diff --git a/sbin/ldconfig/ldconfig.c b/sbin/ldconfig/ldconfig.c
index 01bbe1f..07e5abc 100644
--- a/sbin/ldconfig/ldconfig.c
+++ b/sbin/ldconfig/ldconfig.c
@@ -465,17 +465,13 @@ buildhints()
 		errx(1, "str_index(%d) != strtab_sz(%d)", str_index, strtab_sz);
 	}
 
-	tmpfile = concat(hints_file, ".XXXXXX", "");
-	if ((tmpfile = mktemp(tmpfile)) == NULL) {
-		warn("%s", tmpfile);
-		return -1;
-	}
-
+	tmpfile = concat(hints_file, ".XXXXXXXXXX", "");
 	umask(0);	/* Create with exact permissions */
-	if ((fd = open(tmpfile, O_RDWR|O_CREAT|O_TRUNC, 0444)) == -1) {
-		warn("%s", hints_file);
+	if ((fd = mkstemp(tmpfile)) == -1) {
+		warn("%s", tmpfile);
 		return -1;
 	}
+	fchmod(fd, 0444);
 
 	if (write(fd, &hdr, sizeof(struct hints_header)) !=
 						sizeof(struct hints_header)) {
author	kris <kris@FreeBSD.org>	2000-01-16 21:08:58 +0000
committer	kris <kris@FreeBSD.org>	2000-01-16 21:08:58 +0000
commit	9861a8004bb87d233aa436f493dbcff888738257 (patch)
tree	797b9812eb092c787932ab5f3182734e0147abe0 /sbin/ldconfig
parent	fb35998cf918637e001eab3ebc4e918f7e74f437 (diff)
download	FreeBSD-src-9861a8004bb87d233aa436f493dbcff888738257.zip FreeBSD-src-9861a8004bb87d233aa436f493dbcff888738257.tar.gz