man/man-db-2.5.0-security4.dif

33 lines
872 B
Plaintext
Raw Normal View History

--- src/mandb.c
+++ src/mandb.c 2007-12-07 18:59:06.546515903 +0100
@@ -34,6 +34,7 @@
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h> /* for chmod() */
+#include <fcntl.h> /* for open () */
#include <dirent.h>
#if defined(STDC_HEADERS)
@@ -393,11 +394,20 @@ static short mandb (const char *catpath,
char pid[23];
short amount;
char *dbname;
+ int fd;
dbname = mkdbname (catpath);
sprintf (pid, "%d", getpid ());
database = strappend (NULL, catpath, "/", pid, NULL);
-
+
+ /* Just for the case that catpath isn't a system catpath */
+ drop_effective_privs ();
+ fd = open (database, O_WRONLY | O_CREAT | O_EXCL, 0644);
+ regain_effective_privs ();
+ if (fd < 0)
+ error (FATAL, errno, _("can't create a temporary filename"));
+ close(fd);
+
if (!quiet)
printf (_("Processing manual pages under %s...\n"), manpath);
#ifdef NDBM