[Debian-med-packaging] Bug#982519: zstd: Race condition allows attacker to access world-readable destination file

[Thorsten Glaser]

On Thu, 18 Feb 2021, Salvatore Bonaccorso wrote:
> On Thu, Feb 11, 2021 at 08:33:58AM +0100, Sebastien Delafond wrote:

> > The recently applied patch still creates the file with the default
> > umask[0], before chmod'ing down to 0600, so an attacker could still open
> > it in the meantime.
>
> FTR, this has been fixed upstream.
>
> https://github.com/facebook/zstd/commit/a774c5797399040af62db21d8a9b9769e005430e

| Note that a downside of this solution is that it is global: `umask()` affects
| all file creation calls in the process. I believe this is safe since
| […] thread […]

Why don’t you use a nōn-global solution then?

Instead of fopen(…) do an open(…, 0600) followed by fdopen().

bye,
//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.	-- Rob Pike in "Notes on Programming in C"