From 97b555c1f19d442471c39d3e37716af6d41ff209 Mon Sep 17 00:00:00 2001
From: Assaf Gordon
Date: Fri, 30 Aug 2019 14:35:24 -0600
Subject: [PATCH] sed: set correct umask on temporary files

"sed -i" now creates temporary files with correct umask (limited to u=rwx).
Previously sed would incorrectly set umask, and combined with mkostemp
creating file with mode 0600, the result would be a file with permission
mode 0.

Reported privately by Dr N.W. Filardo :

"The net effect is that this patch does not do what it says on the tin:
it does not improve the security story at all. Things continue to
function because the subsequent operations are via f*() APIs, which take
the open file handle, and in particular fchmod() will put the bits back
to something sensible. However, when running atop, for example,
fuse-style filesystems which do not keep open descriptors to underlying
files, this is catastrophic: the underlying file will have I_SRWXU of
zero, and so the filesystem server will be unable to open the file for
the fchmod() and that's the end of that."

This change was made in commit 5156c19b23c41f438bf8658e1b9a43a5ff136835
and was released in sed 4.2.1.

* NEWS: Mention change.
* sed/utils.c (ck_mkstemp): Set correct umask.
--- NEWS | 7 +++++++ sed/utils.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 0c1aa73..edc3692 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,13 @@ GNU sed NEWS -*- outline -*- * Noteworthy changes in release ?.? (????-??-??) [?] +** Bug fixes + + "sed -i" now creates temporary files with correct umask (limited to u=rwx). + Previously sed would incorrectly set umask on temporary files, resulting + in problems under certain fuse-like file systems. + [bug introduced in sed 4.2.1] + * Noteworthy changes in release 4.7 (2018-12-20) [stable] diff --git a/sed/utils.c b/sed/utils.c index 4028d98..2e74654 100644 --- a/sed/utils.c +++ b/sed/utils.c
@@ -181,7 +181,7 @@ ck_mkstemp (char **p_filename, const char *tmpdir, /* The ownership might change, so omit some permissions at first so unauthorized users cannot nip in before the file is ready. mkstemp forces O_BINARY on cygwin, so use mkostemp instead. */ - mode_t save_umask = umask (0700); + mode_t save_umask = umask (0077); int fd = mkostemp (template, 0); umask (save_umask); if (fd == -1) -- 2.20.1
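Review bot: In the NEWS hunk, the new entry describes the failure only as "problems under certain fuse-like file systems", which hides the concrete fact the commit message gives: the temporary file ended up with permission mode 0. Stating that in the entry would let a reader who hit the bug recognise it. "incorrectly set umask on temporary files" is also loose wording, since the umask is process state applied while the file is created, not an attribute of the file. A possible rewording of the second sentence: "Previously sed set the wrong umask while creating the temporary file, leaving it with permission mode 0, which broke in-place editing on certain fuse-like file systems."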
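Review bot: In the sed/utils.c hunk (ck_mkstemp), the comment above the changed umask call still does not say which bits the argument removes, and reading 0700 as "the mode I want" rather than "the bits to clear" is exactly the mistake being fixed. Extend the comment to say that 0077 masks out all group and other bits so the file stays owner-only. Per the commit message mkostemp already creates the file with mode 0600, so with 0077 the umask call no longer changes the resulting mode there; if it is kept as a guard for mkostemp implementations that create with a wider mode, the comment should say that too. The diffstat shows only NEWS and sed/utils.c, so nothing in the patch would catch a regression; a test that runs "sed -i" and checks that the temporary file keeps its owner read/write bits would cover it.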