tighten security

author: Aleksey Manevich <manevich.aleksey@gmail.com> 2016-08-24 19:33:30 +0300
committer: Aleksey Manevich <manevich.aleksey@gmail.com> 2016-08-24 20:07:27 +0300
commit: 0ee599684c4ca622ca22d09eba565eb07c1a2b12 (patch)
tree: d60b6544a402e86269be79d44e15c1197d43b54f /src/firejail/fs_mkdir.c
parent: SET_PERMS macros (diff)
download: firejail-0ee599684c4ca622ca22d09eba565eb07c1a2b12.tar.gz
firejail-0ee599684c4ca622ca22d09eba565eb07c1a2b12.tar.zst
firejail-0ee599684c4ca622ca22d09eba565eb07c1a2b12.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index 5bc2df2cc..b2a5927e6 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -119,9 +119,12 @@ void fs_mkfile(const char *name) {
                if (!fp)
                        fprintf(stderr, "Warning: cannot create %s file\n", expanded);
                else {
-                        fclose(fp);
+                        int fd = fileno(fp);
-                        int rv = chmod(expanded, 0600);
+                        if (fd == -1)
+                                errExit("fileno");
+                        int rv = fchmod(fd, 0600);
                        (void) rv;
+                        fclose(fp);
                }
                exit(0);
        }
author	Aleksey Manevich <manevich.aleksey@gmail.com>	2016-08-24 19:33:30 +0300
committer	Aleksey Manevich <manevich.aleksey@gmail.com>	2016-08-24 20:07:27 +0300
commit	0ee599684c4ca622ca22d09eba565eb07c1a2b12 (patch)
tree	d60b6544a402e86269be79d44e15c1197d43b54f /src/firejail/fs_mkdir.c
parent	SET_PERMS macros (diff)
download	firejail-0ee599684c4ca622ca22d09eba565eb07c1a2b12.tar.gz firejail-0ee599684c4ca622ca22d09eba565eb07c1a2b12.tar.zst firejail-0ee599684c4ca622ca22d09eba565eb07c1a2b12.zip