vipw: Prefer fchmod/fchown over chmod/chown

Use file descriptor functions when file descriptor is available, instead
of path based operations. The latter resolve symbolic links and are
prone to race conditions.

Reported-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

diff --git a/src/vipw.c b/src/vipw.c
index da922abe94da78634ca8e1206d8985e27f44d059..5ffd168060353116f1a92f6274f932928025355f 100644 (file)
--- a/src/vipw.c
+++ b/src/vipw.c
@@ -132,16 +132,18 @@ static int create_backup_file (FILE * fp, char *backup, struct stat *sb)
                unlink (backup);
                return -1;
        }
-       if (fclose (bkfp) != 0) {
-               unlink (backup);
-               return -1;
-       }
 
        ub.actime = sb->st_atime;
        ub.modtime = sb->st_mtime;
        if (   (utime (backup, &ub) != 0)
-           || (chmod (backup, sb->st_mode) != 0)
-           || (chown (backup, sb->st_uid, sb->st_gid) != 0)) {
+           || (fchmod(fileno(bkfp), sb->st_mode) != 0)
+           || (fchown(fileno(bkfp), sb->st_uid, sb->st_gid) != 0)) {
+               fclose(bkfp);
+               unlink (backup);
+               return -1;
+       }
+
+       if (fclose (bkfp) != 0) {
                unlink (backup);
                return -1;
        }