On Sun, May 30, 2021 at 08:01:21PM +0100, Peter Maydell wrote:
> On Wed, 26 May 2021 at 10:14, Stefan Hajnoczi <stefa...@redhat.com> wrote:
> >
> > The Linux man page for mkstemp(3) states:
> >
> > In glibc versions 2.06 and earlier, the file is created with
> > permissions 0666, that is, read and write for all users. This old
> > behavior may be a security risk, especially since other UNIX flavors
> > use 0600, and somebody might overlook this detail when porting
> > programs. POSIX.1-2008 adds a requirement that the file be created
> > with mode 0600.
> >
> > More generally, the POSIX specification of mkstemp() does not say
> > anything about file modes, so the application should make sure its
> > file mode creation mask (see umask(2)) is set appropriately before
> > calling mkstemp() (and mkostemp()).
> >
> > glibc 2.0.6 was released in 1997 and POSIX caught up in 2008. macOS and
> > FreeBSD also use POSIX-compliant 0600 permissions.
> >
> > At this point the Coverity warning seems archaic and no longer useful,
> > but go ahead and silence it.
>
> We had a lot of these on other uses of mkstemp() in tests/ -- I
> have been simply marking them as false-positive on the same grounds
> that you cite above. I would suggest we do the same here rather
> than having this one test do something different with mkstemp().
>
> (If we really wanted to handle ancient glibc, we should do that
> by having a qemu_mkstemp() or something. But it doesn't seem
> worthwhile...)

Sounds good. I have updated Coverity.

Stefan
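
The umask(2) advice in the quoted man page text, as an added example that is not part of this thread and is not QEMU code: a wrapper that masks group/other bits around mkstemp(), restores the caller's mask, and verifies the result with fstat(). The names `private_mkstemp` and `demo_mode` and the `/tmp/mkstemp-demo-XXXXXX` template are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not QEMU code: fd for an owner-only temp file, or -1.
 * umask() is process-wide, so this is not safe against concurrent threads. */
int private_mkstemp(char *tmpl)
{
    struct stat st;
    mode_t old = umask(S_IRWXG | S_IRWXO);  /* mask group/other first */
    int fd = mkstemp(tmpl);
    int saved = errno;
    umask(old);                             /* restore the caller's mask */
    if (fd < 0) {
        errno = saved;
        return -1;
    }
    /* Verify instead of assuming: tighten if any group/other bit survived. */
    if (fstat(fd, &st) != 0 || ((st.st_mode & (S_IRWXG | S_IRWXO)) &&
                                fchmod(fd, S_IRUSR | S_IWUSR) != 0)) {
        saved = errno;
        close(fd);
        unlink(tmpl);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Constructed check: permission bits of a file created under umask 0, or -1. */
int demo_mode(void)
{
    char path[] = "/tmp/mkstemp-demo-XXXXXX";  /* constructed template */
    struct stat st;
    mode_t before = umask(0);                  /* worst-case caller mask */
    int fd = private_mkstemp(path);
    int mode = -1;
    if (fd >= 0) {
        if (fstat(fd, &st) == 0 && umask(0) == 0)  /* mask was restored */
            mode = st.st_mode & 0777;
        close(fd);
        unlink(path);
    }
    umask(before);
    return mode;
}
int main(void) { return demo_mode() == 0600 ? 0 : 1; }
```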