Files Created with World Read/Write Permissions
The function isc_file_openunique()
tries
to create files with permission mode 0666 as shown in the following listing:
isc_result_t
isc_file_openunique(char *templet, FILE **fp) {
int mode = S_IWUSR | S_IRUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
return (isc_file_openuniquemode(templet, mode, fp));
}
Unless a more restrictive umask is set, this results in the created file to be
world read- and writable for any user on the system. The function isc_file_openunique()
is involved in the creation of temporary files, zone files, and configuration files.
On nearly all modern systems, the umask (https://man.freebsd.org/cgi/man.cgi?query=umask&sektion=2) will be restrictive, mitigating a security impact because it will turn off corresponding bits requested in the file mode.