From 5535b05120fa3fd3d68a09e01284aba35cc6e058 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 17 Sep 2013 14:43:12 -0700
Subject: [PATCH] write_file: introduce O_NOFOLLOW, use sane mask

Don't follow symlinks when writing to a file.
Don't create world-writable files.

Bug: 10802869
Change-Id: Ifb55600d574307a535df878acb3347e02028cd30
---
 init/builtins.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/init/builtins.c b/init/builtins.c
index bfc0ddb15f..e8c8f91654 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -57,7 +57,7 @@ static int write_file(const char *path, const char *value)
 {
     int fd, ret, len;
 
-    fd = open(path, O_WRONLY|O_CREAT, 0622);
+    fd = open(path, O_WRONLY|O_CREAT|O_NOFOLLOW, 0600);
 
     if (fd < 0)
         return -errno;
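Review bot: The new `open()` flags leave two gaps that should be documented at that line. `O_NOFOLLOW` rejects a symlink only in the final component of `path`, so a symlink in a parent directory is still traversed. The `0600` mode is applied only when the call creates the file, so a file that already exists with the old `0622` mode stays world-writable. A comment such as `/* O_NOFOLLOW covers the last path component only; the mode applies on creation only */` would make both limits explicit, and could add that a symlink target now makes the function return `-ELOOP`. The rest of write_file lies outside the hunk, so whether any caller relied on writing through a symlink cannot be checked from here.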
-- 
GitLab