listener: ensure history and temp files are rw-------.

For security, the temporary files used by the "edit in
external editor" feature of the listener, as well as the
listener history file, should be readable and writable only to
the owner.

This relates to Debian bug 832460 against the Linenoise
library:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460

In the TXR fork of the linenoise library, since we have an OS
abstraction invoked by callback functions, we fix this
entirely outside of linenoise.

I don't agree with the upstream approach of fiddling with the
umask and doing a chmod on the path.

Since we are truncating and overwriting the file, all we
have to do is, before writing any data, fchmod it to the
required permissions.

* parser.c (lino_open): If the file is being open for
overwriting, then let's set its permissions so that it's
readable and writable for the user only.

1 files changed, 10 insertions, 3 deletions

diff --git a/parser.c b/parser.c
index 2710a1e3..0d526ba5 100644
--- a/parser.c
+++ b/parser.c
@@ -41,6 +41,9 @@
 #ifdef __CYGWIN__
 #include <sys/utsname.h>
 #endif
+#if HAVE_SYS_STAT
+#include <sys/stat.h>
+#endif
 #include "lib.h"
 #include "signal.h"
 #include "unwind.h"
@@ -1520,11 +1523,15 @@ static mem_t *lino_open(const wchar_t *name_in, lino_file_mode_t mode_in)
 {
   val name = string(name_in);
   val mode = static_str(lino_mode_str[mode_in]);
-  mem_t *ret = 0;
+  val ret = 0;
   ignerr_begin;
-  ret = coerce(mem_t *, open_file(name, mode));
+  ret = open_file(name, mode);
+#if HAVE_CHMOD
+  if (mode_in == lino_overwrite)
+    (void) fchmod(c_num(stream_fd(ret)), S_IRUSR | S_IWUSR);
+#endif
   ignerr_end;
-  return ret;
+  return coerce(mem_t *, ret);
 }
 
 static mem_t *lino_open8(const char *name_in, lino_file_mode_t mode_in)