From ca478cf8195bf996f7c9389caa9ae4e25fc0177c Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Tue, 1 Aug 2023 13:56:03 +0200
Subject: [PATCH] pdnsutil: Set a proper umask before writing the temporary zone file

This does not matter on Linux where mkstemp ensures that "the file is created with permissions 0600 that is, read plus write for owner only" but it might on other systems as POSIX does not require mkstemp to do so. Reported by Coverity as CID 1501165.
---
 pdns/pdnsutil.cc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index 54d02d35bb..bdf0d3347b 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -32,6 +32,7 @@
 #include
 #include
 #include
+#include
 #include //termios, TCSANOW, ECHO, ICANON
 #include "opensslsigners.hh"
 #ifdef HAVE_LIBSODIUM
@@ -1171,6 +1172,13 @@ static int editZone(const DNSName &zone, const PDNSColors& col) { cerr << "Zone '" << zone << "' not found!" << endl; return EXIT_FAILURE; } + + /* ensure that the temporary file will only be accessible by the current user, not even by other users in the same group, and certainly not by other users. */ umask(S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH); vector pre, post; char tmpnam[]="/tmp/pdnsutil-XXXXXX"; int tmpfd=mkstemp(tmpnam);
-- 
2.47.2
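Review bot: The `umask(S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);` call added before `mkstemp(tmpnam)` in editZone discards the previous mask, so the tightened mask stays in force for the rest of the process and for any child it starts afterwards (presumably the editor, which is not visible in this hunk). Saving and restoring it keeps the effect limited to the temporary file: `const mode_t oldMask = umask(S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);` before the `mkstemp` call and `umask(oldMask);` right after it. The added comment could also say that the mask is only a fallback for platforms whose mkstemp does not force 0600, as the commit message explains. editZone's body starts and ends outside the hunk, so whether `tmpfd` is checked for -1 cannot be seen here.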