authorsheldonh <sheldonh@FreeBSD.org>2002-04-10 10:38:44 +0000
committersheldonh <sheldonh@FreeBSD.org>2002-04-10 10:38:44 +0000
commitc6c6023da15f1b201e6592f54325f89bbd96a75b (patch)
treeba7f437bed47f221440591038c520fd9e028f7e0 /usr.sbin/newsyslog
parent7fd301a4589f381ed12c682bd65087be4b45bf28 (diff)
Close a very small window during which new (empty) instances of rotated log
files are owned by the caller of newsyslog (usually root:wheel) even if alternative ownerships were specified in newsyslog.conf. Note that this is part of a wider problem which is fully addressed in OpenBSD. Anyone with the time and inclination to incorporate the full fix for the wider problem will receive no complaints from me and should feel free to walk all over this delta. PR: bin/36738 MFC after: 1 week
Diffstat (limited to 'usr.sbin/newsyslog')
-rw-r--r--usr.sbin/newsyslog/newsyslog.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/usr.sbin/newsyslog/newsyslog.c b/usr.sbin/newsyslog/newsyslog.c
index 0f9d4d3..1907f8f 100644
--- a/usr.sbin/newsyslog/newsyslog.c
+++ b/usr.sbin/newsyslog/newsyslog.c
@@ -513,6 +513,7 @@ dotrim(char *log, const char *pid_file, int numdays, int flags, int perm,
char file1[MAXPATHLEN], file2[MAXPATHLEN];
char zfile1[MAXPATHLEN], zfile2[MAXPATHLEN];
char jfile1[MAXPATHLEN];
+ char tfile[MAXPATHLEN];
int notified, need_notification, fd, _numdays;
struct stat st;
pid_t pid;
@@ -644,20 +645,28 @@ dotrim(char *log, const char *pid_file, int numdays, int flags, int perm,
if (noaction)
printf("Start new log...");
else {
- fd = creat(log, perm);
+ strlcpy(tfile, log, sizeof(tfile));
+ strlcat(tfile, ".XXXXXX", sizeof(tfile));
+ mkstemp(tfile);
+ fd = creat(tfile, perm);
if (fd < 0)
err(1, "can't start new log");
if (fchown(fd, owner_uid, group_gid))
err(1, "can't chmod new log file");
(void) close(fd);
if (!(flags & CE_BINARY))
- if (log_trim(log)) /* Add status message */
+ if (log_trim(tfile)) /* Add status message */
err(1, "can't add status message to log");
}
if (noaction)
printf("chmod %o %s...\n", perm, log);
- else
- (void) chmod(log, perm);
+ else {
+ (void) chmod(tfile, perm);
+ if (rename(tfile, log) < 0) {
+ err(1, "can't start new log");
+ (void) unlink(tfile);
+ }
+ }
pid = 0;
need_notification = notified = 0;
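Review bot: The descriptor returned by `mkstemp(tfile)` is discarded and the file is reopened by name with `creat(tfile, perm)`, so that descriptor leaks, a mkstemp failure goes unnoticed, and the path-based reopen gives up the exclusive-creation guarantee mkstemp provides. Assigning `fd = mkstemp(tfile);` and setting the mode with `fchmod(fd, perm)` after the `fchown` would keep ownership and mode changes on the one descriptor instead of the later `chmod(tfile, perm)` by path. In the rename failure branch `err(1, ...)` does not return, so `(void) unlink(tfile);` is unreachable and the temporary file stays behind; the unlink should come first, with errno saved around it so the message still reports the rename error. The `strlcpy`/`strlcat` return values are also unchecked, so an over-long log path would silently truncate the template passed to mkstemp. dotrim's body starts and ends outside the hunk.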