From c34b58abb07b4b4cd69034709b528f1555af084b Mon Sep 17 00:00:00 2001
From: Rebecca Mahany-Horton
Date: Wed, 10 Apr 2024 11:40:12 -0400
Subject: [PATCH] [TUF] Prevent executable from being overwritten (#1678)
---
 ee/tuf/library_manager.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/ee/tuf/library_manager.go b/ee/tuf/library_manager.go
index 3c5b94ff3..4f4bc7b25 100644
--- a/ee/tuf/library_manager.go
+++ b/ee/tuf/library_manager.go
@@ -154,13 +154,17 @@ func (ulm *updateLibraryManager) stageAndVerifyUpdate(binary autoupdatableBinary
 return stagedUpdatePath, fmt.Errorf("verification failed for target %s staged at %s: %w", targetFilename, stagedUpdatePath, err)
 }
 
- // Everything looks good: create the file and write it to disk
- out, err := os.Create(stagedUpdatePath)
+ // Everything looks good: create the file and write it to disk.
+ // We create the file with 0655 permissions to prevent any other user from writing to this file
+ // before we can copy to it.
+ out, err := os.OpenFile(stagedUpdatePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0655)
 if err != nil {
 return "", fmt.Errorf("could not create file at %s: %w", stagedUpdatePath, err)
 }
 if _, err := io.Copy(out, &fileBuffer); err != nil {
- out.Close()
+ if err := out.Close(); err != nil {
+ return stagedUpdatePath, fmt.Errorf("could not write downloaded target %s to file %s and could not close file: %w", targetFilename, stagedUpdatePath, err)
+ }
 return stagedUpdatePath, fmt.Errorf("could not write downloaded target %s to file %s: %w", targetFilename, stagedUpdatePath, err)
 }
 if err := out.Close(); err != nil {
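Review bot: The mode passed to `os.OpenFile` only applies when the file is newly created, so if anything already exists at `stagedUpdatePath` (a stale staged file, or a symlink planted by another user with write access to the staging directory) `O_CREATE|O_TRUNC` follows it and keeps its existing permissions, and the guarantee stated in the new comment does not hold; adding `os.O_EXCL` to the flags makes the open refuse a pre-existing path, including a dangling symlink, at the cost of having to remove any stale staged file first, which the hunk does not show. The mode value itself looks like a typo: 0655 grants execute to group and others but not the owner, so `os.OpenFile(stagedUpdatePath, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0755)` (or 0644 if the exec bit is set later) is presumably what was intended, and the comment should name whichever value is actually used and note that it is still subject to umask. In the `io.Copy` failure branch, the inner `if err := out.Close(); err != nil` shadows the copy error, so the "could not close file" message wraps only the close error and drops the original write failure; wrapping both (e.g. with `errors.Join`, if the module's Go version permits) would preserve it. The enclosing `stageAndVerifyUpdate` starts and ends outside the hunk.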