Apache OpenOffice (AOO) Bugzilla – Full Text Issue Listing
|Summary:||[regr] OOo temporary files readable by non-privileged users|
|Component:||ui||Assignee:||Olaf Felka <olaf-openoffice>|
|Status:||CLOSED FIXED||QA Contact:||issues@framework <issues>|
|Target Milestone:||OOo 2.0|
|Issue Type:||DEFECT||Latest Confirmation in:||---|
Description flibby05 2005-04-01 11:07:19 UTC
Files in OOo's temporary directory are being created with filemask 0722. Instead they should be 0700 as 1.1.4 does.
Comment 1 flibby05 2005-04-01 11:08:07 UTC
not an april joke :-), set target 2.0
Comment 2 Olaf Felka 2005-04-01 12:59:50 UTC
of @ hro: Please have a look.
Comment 3 hennes.rohling 2005-04-05 09:55:15 UTC
Comment 4 hennes.rohling 2005-04-05 17:37:50 UTC
OOo temporary files are created with 700 access rights. Code looks like this umask(077) create temp file umak(oldmask)
Comment 5 hennes.rohling 2005-04-05 17:38:26 UTC
Comment 6 flibby05 2005-04-05 21:00:42 UTC
cloph, could you do me a favour and have a look a this issue? i tested again, same result, i can send straces on request.
Comment 7 hennes.rohling 2005-04-06 09:46:23 UTC
hro@maxweber: Maybe we are talking about different things. I used m90 and OOo creates a directory svxxx.tmp in /usr/tmp. Inside this directory every file created (f.e. while editing a document) has 700 access rights. That's exactly what is expected when I look at the corresponding code. So could you please describe what action you have taken when the tempfiles you're talking about were created.
Comment 8 flibby05 2005-04-06 10:25:10 UTC
maxweber@hro: >>I used m90 i used m89 and m90-s1 pjanik build on SuSE 9.2. As i understand Pjanik builds install as workstation builds with their own flatfile RPM database when using the ./install script. >> OOo creates a directory svxxx.tmp in /usr/tmp. confirm, however here it gets created in /tmp.
Comment 9 hennes.rohling 2005-04-06 14:13:02 UTC
hro@maxweber: You were right, my umask was wrong. There actually is code that does not use the SAL tempfile API and this is broken from 1.1.4 to 2.0.
Comment 10 hennes.rohling 2005-04-06 14:14:55 UTC
hro@mav: As decided along with mba this is yours. This is a showstopper, please contact QA for approval.
Comment 11 mikhail.voytenko 2005-04-06 16:17:08 UTC
The fix is integrated into olefix cws.
Comment 12 mikhail.voytenko 2005-04-12 10:06:03 UTC
Please verify the issue. re-open issue and reassign to firstname.lastname@example.org
Comment 14 mikhail.voytenko 2005-04-12 10:06:18 UTC
reset resolution to FIXED
Comment 15 Olaf Felka 2005-04-13 09:17:45 UTC
OF: Verified in cws olefix.
Comment 16 Olaf Felka 2005-04-21 12:17:38 UTC
Ok in master m95