[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Guile-commits] 03/06: Remove 'umask' calls from 'mkdir'.
From: |
Andy Wingo |
Subject: |
[Guile-commits] 03/06: Remove 'umask' calls from 'mkdir'. |
Date: |
Wed, 1 Mar 2017 14:02:59 -0500 (EST) |
wingo pushed a commit to branch master
in repository guile.
commit 844b2cf7586c31c01ab8e255d8a21aa836b7ff0b
Author: Ludovic Courtès <address@hidden>
Date: Tue Oct 11 10:14:26 2016 +0200
Remove 'umask' calls from 'mkdir'.
Fixes <http://bugs.gnu.org/24659>.
* libguile/filesys.c (SCM_DEFINE): Remove calls to 'umask' when MODE is
unbound; instead, use 0777 as the mode. Update docstring to clarify
this.
* doc/ref/posix.texi (File System): Adjust accordingly.
* NEWS: Mention it.
---
NEWS | 14 +++++++++++++-
doc/ref/posix.texi | 7 ++++---
libguile/filesys.c | 25 ++++++++++---------------
3 files changed, 27 insertions(+), 19 deletions(-)
diff --git a/NEWS b/NEWS
index 2126813..7fa279a 100644
--- a/NEWS
+++ b/NEWS
@@ -996,9 +996,21 @@ Changes in 2.0.13 (since 2.0.12):
See "File System" in the manual, for more.
* Bug fixes
+
+** 'mkdir' procedure no longer calls umask(2) (<http://bugs.gnu.org/24659>)
+
+When the second argument to the 'mkdir' procedure was omitted, it would
+call umask(0) followed by umask(previous_umask) and apply the umask to
+mode #o777.
+
+This was unnecessary and a security issue for multi-threaded
+applications: during a small window the process' umask was set to zero,
+so other threads calling mkdir(2) or open(2) could end up creating
+world-readable/writable/executable directories or files.
+
** Fix optimizer bug when compiling fixpoint operator
** Fix build error on MinGW
-** Update `uname' implementation on MinGW
+** Update 'uname' implementation on MinGW
Changes in 2.0.12 (since 2.0.11):
diff --git a/doc/ref/posix.texi b/doc/ref/posix.texi
index 6f9ce54..64e668d 100644
--- a/doc/ref/posix.texi
+++ b/doc/ref/posix.texi
@@ -870,9 +870,10 @@ Create a symbolic link named @var{newpath} with the value
(i.e., pointing to)
@deffn {Scheme Procedure} mkdir path [mode]
@deffnx {C Function} scm_mkdir (path, mode)
Create a new directory named by @var{path}. If @var{mode} is omitted
-then the permissions of the directory file are set using the current
-umask (@pxref{Processes}). Otherwise they are set to the decimal
-value specified with @var{mode}. The return value is unspecified.
+then the permissions of the directory are set to @code{#o777}
+masked with the current umask (@pxref{Processes, @code{umask}}).
+Otherwise they are set to the value specified with @var{mode}.
+The return value is unspecified.
@end deffn
@deffn {Scheme Procedure} rmdir path
diff --git a/libguile/filesys.c b/libguile/filesys.c
index 478369d..f185601 100644
--- a/libguile/filesys.c
+++ b/libguile/filesys.c
@@ -1,5 +1,5 @@
/* Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2004, 2006,
- * 2009, 2010, 2011, 2012, 2013, 2014 Free Software Foundation, Inc.
+ * 2009, 2010, 2011, 2012, 2013, 2014, 2016 Free Software Foundation, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
@@ -1258,26 +1258,21 @@ SCM_DEFINE (scm_getcwd, "getcwd", 0, 0, 0,
SCM_DEFINE (scm_mkdir, "mkdir", 1, 1, 0,
(SCM path, SCM mode),
"Create a new directory named by @var{path}. If @var{mode} is
omitted\n"
- "then the permissions of the directory file are set using the
current\n"
- "umask. Otherwise they are set to the decimal value specified
with\n"
- "@var{mode}. The return value is unspecified.")
+ "then the permissions of the directory are set to @code{#o777}\n"
+ "masked with the current umask (@pxref{Processes, @code{umask}}).\n"
+ "Otherwise they are set to the value specified with @var{mode}.\n"
+ "The return value is unspecified.")
#define FUNC_NAME s_scm_mkdir
{
int rv;
- mode_t mask;
+ mode_t c_mode;
- if (SCM_UNBNDP (mode))
- {
- mask = umask (0);
- umask (mask);
- STRING_SYSCALL (path, c_path, rv = mkdir (c_path, 0777 ^ mask));
- }
- else
- {
- STRING_SYSCALL (path, c_path, rv = mkdir (c_path, scm_to_uint (mode)));
- }
+ c_mode = SCM_UNBNDP (mode) ? 0777 : scm_to_uint (mode);
+
+ STRING_SYSCALL (path, c_path, rv = mkdir (c_path, c_mode));
if (rv != 0)
SCM_SYSERROR;
+
return SCM_UNSPECIFIED;
}
#undef FUNC_NAME
- [Guile-commits] branch master updated (8f7ed8a -> b473598), Andy Wingo, 2017/03/01
- [Guile-commits] 02/06: %port-encoding requires an open port, Andy Wingo, 2017/03/01
- [Guile-commits] 01/06: http: Do not use 'eq?' to compare characters in parse-request-uri., Andy Wingo, 2017/03/01
- [Guile-commits] 06/06: tests: Use the "normalized codeset" in locale names., Andy Wingo, 2017/03/01
- [Guile-commits] 03/06: Remove 'umask' calls from 'mkdir'.,
Andy Wingo <=
- [Guile-commits] 05/06: Treat 'SIG_IGN' as a pointer., Andy Wingo, 2017/03/01
- [Guile-commits] 04/06: Document 'scm_to_uintptr_t' and 'scm_from_uintptr_t'., Andy Wingo, 2017/03/01