Race condition allows attacker to access world-readable destination file

[sdelafond]

The patches for #1630 still create the file with the default umask, before chmod'ing down to 0600, so an attacker could still open it in the meantime. inotify can for instance help automating such an attack.

zstd should either set the mode directly through open(2), or use umask(2) before creating the file.

This is Debian bug https://bugs.debian.org/982519.

[carnil]

It was suggested in https://bugs.debian.org/981404#28 to do something like:

fd = open(dstFileName, O_WRONLY|O_CREAT|O_EXCL, 0600);
if (fd != -1)
    f = fdopen( fd, "wb" );
if (fd == -1 || f == NULL)
    DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
return f;

[felixhandte]

Thanks for the report. The fix has been merged to dev and will go out in the next release.