From 5e63e54f589b25af550f0d4e28e3c28e0a337c0d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 11 Nov 2019 13:52:22 +1300 Subject: [PATCH] lib/util: change file_save_mode() to use O_EXCL Almost all the callers are debug tools or developer debugging aids and these callers clearly expect to create a new file. Unchanged in behaviour is: - TLS certificate creation. This already confirms the files do not exist prior to generation. These will now no longer overwrite the given filename - net ads pac save - net eventlog export Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider --- WHATSNEW.txt | 7 +++++++ lib/util/util_file.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cc43b29b3d1..376cd2862f1 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -53,6 +53,13 @@ cryptography effectively wraps bad cryptography, but for now that above applies. +"net ads kerberos pac save" and "net eventlog export" +----------------------------------------------------- + +The "net ads kerberos pac save" and "net eventlog export" tools will +no longer silently overwrite an existing file during data export. If +the filename given exits, an error will be shown. + REMOVED FEATURES ================ diff --git a/lib/util/util_file.c b/lib/util/util_file.c index 5260ee9d721..0c890f9b5ea 100644 --- a/lib/util/util_file.c +++ b/lib/util/util_file.c @@ -329,7 +329,7 @@ _PUBLIC_ bool file_save_mode(const char *fname, const void *packet, { ssize_t num_written; int fd; - fd = open(fname, O_WRONLY|O_CREAT|O_TRUNC, mode); + fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, mode); if (fd == -1) { return false; } -- 2.34.1
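Review bot: typo in the last added line of the WHATSNEW.txt hunk: "If the filename given exits" should read "If the filename given exists". The same entry promises that "an error will be shown", but the only code visible in this patch is file_save_mode() returning false; please confirm that both "net ads kerberos pac save" and "net eventlog export" print a message on that return value, ideally one that names the file, since users who relied on the old overwrite behaviour will otherwise see a bare failure.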
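Review bot: in the lib/util/util_file.c hunk, the `if (fd == -1)` check after the changed open() call now also covers the routine case of an existing file (EEXIST), yet it still ends in a bare `return false`, so callers cannot tell "file already exists" from a permission or path error. Consider logging or preserving errno there, and update the doc comment of file_save_mode() to say it refuses to overwrite, because the function name gives no hint of the new semantics. It would also help to state in the commit message that `O_CREAT|O_EXCL` fails when the final path component is a symbolic link, as that refusal to write through a pre-placed link is the security-relevant effect of dropping `O_TRUNC`.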