pdnsutil: Set a proper umask before writing the temporary zone file

This does not matter on Linux where mkstemp ensures that "the file
is created with permissions 0600 that is, read plus write for owner
only" but it might on other systems as POSIX does not require mkstemp
to do so.
Reported by Coverity as CID 1501165.

diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index 54d02d35bb5b5fe556126c369ae37e9416026df3..bdf0d3347b977f1cc8e93512ff311dbf611f18ab 100644 (file)
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -32,6 +32,7 @@
 #include <fstream>
 #include <utility>
 #include <cerrno>
+#include <sys/stat.h>
 #include <termios.h>            //termios, TCSANOW, ECHO, ICANON
 #include "opensslsigners.hh"
 #ifdef HAVE_LIBSODIUM
@@ -1171,6 +1172,13 @@ static int editZone(const DNSName &zone, const PDNSColors& col) {
     cerr << "Zone '" << zone << "' not found!" << endl;
     return EXIT_FAILURE;
   }
+
+  /* ensure that the temporary file will only
+     be accessible by the current user, not even
+     by other users in the same group, and certainly
+     not by other users.
+  */
+  umask(S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
   vector<DNSRecord> pre, post;
   char tmpnam[]="/tmp/pdnsutil-XXXXXX";
   int tmpfd=mkstemp(tmpnam);