Hi,
The patch in this bug report very much shrinks the window of the
vulnerability, but doesn't close it completely: the file is still
created with default permissions, then chmodded as a separate step.
It's hard, but not impossible to still win the race and open the file
before the chmod, enabling the same attack. I recommend something like
fd = open(dstFileName, O_WRONLY|O_CREAT|O_EXCL, 0600);
if (fd != -1)
f = fdopen( fd, "wb" );
if (fd == -1 || f == NULL)
DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
return f;
for example.
--
Regards,
Feri
