Issue 46469 - [regr] OOo temporary files readable by non-privileged users
Summary: [regr] OOo temporary files readable by non-privileged users
Status: CLOSED FIXED
Alias: None
Product: General
Classification: Code
Component: ui (show other issues)
Version: 680m89
Hardware: All Linux, all
: P2 Trivial (vote)
Target Milestone: OOo 2.0
Assignee: Olaf Felka
QA Contact: issues@framework
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-04-01 11:07 UTC by flibby05
Modified: 2005-04-21 12:17 UTC (History)
2 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Attachments

Note You need to log in before you can comment on or make changes to this issue.
Description flibby05 2005-04-01 11:07:19 UTC
Files in OOo's temporary directory are being created with filemask 0722.
Instead they should be 0700 as 1.1.4 does.
Comment 1 flibby05 2005-04-01 11:08:07 UTC
not an april joke :-), set target 2.0
Comment 2 Olaf Felka 2005-04-01 12:59:50 UTC
of @ hro: Please have a look.
Comment 3 hennes.rohling 2005-04-05 09:55:15 UTC
Investigating.
Comment 4 hennes.rohling 2005-04-05 17:37:50 UTC
OOo temporary files are created with 700 access rights.  Code looks like this

umask(077)
create temp file
umak(oldmask)
Comment 5 hennes.rohling 2005-04-05 17:38:26 UTC
Closed.
Comment 6 flibby05 2005-04-05 21:00:42 UTC
cloph, could you do me a favour and have a look a this issue?

i tested again, same result, i can send straces on request.
Comment 7 hennes.rohling 2005-04-06 09:46:23 UTC
hro@maxweber: Maybe we are talking about different things.

I used m90 and OOo creates a directory svxxx.tmp in /usr/tmp. Inside this
directory every file created (f.e. while editing a document) has 700 access
rights. That's exactly what is expected when I look at the corresponding code.

So could you please describe what action you have taken when the tempfiles
you're talking about were created.
Comment 8 flibby05 2005-04-06 10:25:10 UTC
maxweber@hro:

>>I used m90

i used m89 and m90-s1 pjanik build on SuSE 9.2.
As i understand Pjanik builds install as workstation builds with their own
flatfile RPM database when using the ./install script.

>> OOo creates a directory svxxx.tmp in /usr/tmp.

confirm, however here it gets created in /tmp.
Comment 9 hennes.rohling 2005-04-06 14:13:02 UTC
hro@maxweber: You were right, my umask was wrong. There actually is code that
does not use the SAL tempfile API and this is broken from 1.1.4 to 2.0.
Comment 10 hennes.rohling 2005-04-06 14:14:55 UTC
hro@mav: As decided along with mba this is yours. This is a showstopper, please
contact QA for approval.
Comment 11 mikhail.voytenko 2005-04-06 16:17:08 UTC
The fix is integrated into olefix cws.
Comment 12 mikhail.voytenko 2005-04-12 10:06:03 UTC
Please verify the issue.

re-open issue and reassign to of@openoffice.org
Comment 13 mikhail.voytenko 2005-04-12 10:06:12 UTC
reassign to of@openoffice.org
Comment 14 mikhail.voytenko 2005-04-12 10:06:18 UTC
reset resolution to FIXED
Comment 15 Olaf Felka 2005-04-13 09:17:45 UTC
OF: Verified in cws olefix.
Comment 16 Olaf Felka 2005-04-21 12:17:38 UTC
Ok in master m95