On Thu, 18 Feb 2021, Salvatore Bonaccorso wrote:

> On Thu, Feb 11, 2021 at 08:33:58AM +0100, Sebastien Delafond wrote:
> > The recently applied patch still creates the file with the default
> > umask[0], before chmod'ing down to 0600, so an attacker could still open
> > it in the meantime.
>
> FTR, this has been fixed upstream.
>
> https://github.com/facebook/zstd/commit/a774c5797399040af62db21d8a9b9769e005430e

| Note that a downside of this solution is that it is global: `umask()` affects
| all file creation calls in the process. I believe this is safe since
| […] thread […]

Why don’t you use a nōn-global solution then? Instead of fopen(…)
do an open(…, 0600) followed by fdopen().

bye,
//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax
highlighting, d.A.] mechanically produce pretty output that accentuates
irrelevant detail in the program, which is as sensible as putting all the
prepositions in English text in bold font.
        -- Rob Pike in "Notes on Programming in C"
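The open(…, 0600) plus fdopen() approach suggested in this message, as an added example that is not part of the original mail or of zstd's code: the file gets its final mode at creation, so there is no window with wider permissions and no process-wide `umask()` change in the creating path. The names `fopen_private` and `created_mode` are hypothetical, the use of `O_EXCL` is an assumption of this example, and the `umask(0)` call exists only in the demo helper to show the worst case.

```c
#define _XOPEN_SOURCE 700 /* for mkdtemp(), fdopen(), fileno() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` so that it has mode 0600 from the moment it exists, then
 * wrap the descriptor in a stdio stream. Returns NULL on failure. */
FILE *fopen_private(const char *path)
{
    /* O_EXCL (an assumption of this example): refuse an existing file or
     * symlink, because the mode argument only applies to a new file. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return NULL;
    FILE *f = fdopen(fd, "wb");
    if (f == NULL)
        close(fd); /* do not leak the descriptor */
    return f;
}

/* Demo: permission bits of a file created under umask 0, or -1 on error. */
int created_mode(int use_private)
{
    char dir[] = "/tmp/private-demo-XXXXXX", path[64];
    struct stat st;
    int mode = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/out", dir);
    mode_t old = umask(0); /* worst case: umask masks nothing */
    FILE *f = use_private ? fopen_private(path) : fopen(path, "wb");
    umask(old);
    if (f != NULL) {
        if (fstat(fileno(f), &st) == 0)
            mode = (int)(st.st_mode & 0777);
        fclose(f);
        unlink(path);
    }
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("fopen():         %04o\n", (unsigned)created_mode(0));
    printf("open()+fdopen(): %04o\n", (unsigned)created_mode(1));
    return 0;
}
```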