From 1c254b330490216857b5b79a071ca4a8ca6bb522 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 8 Jul 2025 07:49:07 -0600 Subject: [PATCH] visudo: create temporary file as mod 0600 not 0700 This was due to a typo in the mode field when the temporary file was created. Noticed by Bjorn Baron of the sudo-rs project. --- plugins/sudoers/visudo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 18fb24157..8958d52dd 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -499,7 +499,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, int editor_argc, if (sp->tpath == NULL) { if (asprintf(&sp->tpath, "%s.tmp", sp->dpath) == -1) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - tfd = open(sp->tpath, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU|S_IRUSR); + tfd = open(sp->tpath, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); if (tfd < 0) sudo_fatal("%s", sp->tpath);