Make use of O_TMPFILE for more secure temporary file creation, when that

option is available.

FossilOrigin-Name: 094fc6da0768ea0ec4b4d3dc020cd6025aab341550d6cea6be7487ac570f9171

diff --git a/manifest b/manifest
index f875b8a5a87afa475310db3a056e8ecf67d0bcf3..793dd97f512c033d43444acc41128975f3d799a1 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Version\s3.53.0
-D 2026-04-09T11:41:38.498
+C Make\suse\sof\sO_TMPFILE\sfor\smore\ssecure\stemporary\sfile\screation,\swhen\sthat\noption\sis\savailable.
+D 2026-04-09T14:12:09.859
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -719,7 +719,7 @@ F src/os.h 1ff5ae51d339d0e30d8a9d814f4b8f8e448169304d83a7ed9db66a65732f3e63
 F src/os_common.h 6c0eb8dd40ef3e12fe585a13e709710267a258e2c8dd1c40b1948a1d14582e06
 F src/os_kv.c e7d96727db5b67e39d590a68cc61c86daf4c093c36c011a09ebfb521182ec28d
 F src/os_setup.h 8efc64eda6a6c2f221387eefc2e7e45fd5a3d5c8337a7a83519ba4fbd2957ae2
-F src/os_unix.c fa5e09b4df35ad845440cad67b86908cfe1fd4c28c51915f82e23633d1992bf4
+F src/os_unix.c a07dce662f6c4e18098f6faa9f7ec7cf311f56ee9151bed2aad4dcd55852c9e2
 F src/os_win.c 0d553b6e8b92c8eb85e7f1b4a8036fe8638c8b32c9ad8d9d72a861c10f81b4c5
 F src/os_win.h 5e168adf482484327195d10f9c3bce3520f598e04e07ffe62c9c5a8067c1037b
 F src/pager.c fe34fd22ec251436985d7b6ebdd05bf238a17901c2cb23d3d28974dd2361a912
@@ -2197,11 +2197,11 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P cda5dd9bcbef2135bb9855139a11d0e22a092f9498d82eb18e7d4401264b6eb8
-R 78f8c181262c6bdd7ab10b5492ff03ea
-T +sym-major-release *
-T +sym-release *
-T +sym-version-3.53.0 *
+P 4525003a53a7fc63ca75c59b22c79608659ca12f0131f52c18637f829977f20b
+R 8620cf4411d3ee800e21795293030726
+T *branch * o_tmpfile
+T *sym-o_tmpfile *
+T -sym-trunk *
 U drh
-Z 5cc2d306947f7e965f5f798b08602c26
+Z c35d74d8270d74b882ed210a9b661389
 # Remove this line to create a well-formed Fossil manifest.

diff --git a/manifest.tags b/manifest.tags
index 368ef71f655f60f3063053b86bc19f1ecf5b886a..3ff82e2e56f88c588140222fda7099364221ffe7 100644 (file)
--- a/manifest.tags
+++ b/manifest.tags
@@ -1,5 +1,2 @@
-branch trunk
-tag trunk
-tag release
-tag major-release
-tag version-3.53.0
+branch o_tmpfile
+tag o_tmpfile

diff --git a/manifest.uuid b/manifest.uuid
index dd0205708e3892a8b7ad3ff79effc6461be7194c..c42af0fd62846f9a1f2c8bf838629b1bc75201e9 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-4525003a53a7fc63ca75c59b22c79608659ca12f0131f52c18637f829977f20b
+094fc6da0768ea0ec4b4d3dc020cd6025aab341550d6cea6be7487ac570f9171

diff --git a/src/os_unix.c b/src/os_unix.c
index 2f75829c85450816bef2a89ff0af331b89b4cb0c..3267d021383b3251136a14ca95234c7ad84f36aa 100644 (file)
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -6646,7 +6646,22 @@ static int unixOpen(
 
   }else if( !zName ){
     /* If zName is NULL, the upper layer is requesting a temp file. */
-    assert(isDelete && !isNewJrnl);
+    assert( isDelete );
+    assert( !isNewJrnl );
+    assert( isExclusive );
+    assert( isReadWrite );
+#if defined(__linux__) && defined(O_TMPFILE)
+    /* On systems that support O_TMPFILE, use that flag to create a more
+    ** secure temporary file that cannot be accessed by other processes
+    */
+    zName = unixTempFileDir();
+    if( zName 
+     && (fd = robust_open(zName, O_RDWR|O_CREAT|O_EXCL|O_TMPFILE, 0600))>=0
+    ){
+      rc = fillInUnixFile(pVfs, fd, pFile, zPath, ctrlFlags);
+      goto open_finished;
+    }
+#endif
     rc = unixGetTempname(pVfs->mxPathname, zTmpname);
     if( rc!=SQLITE_OK ){
       return rc;