Ah that makes sense, attached an updated patch. I don't know whether the
`umask 077` after making the symlink is strictly necessary but it might
avoid nasty surprises later on in the script.

Cheers,
- Tim

On Thu, 1 Feb 2024 at 10:32, Rich Felker <dalias@libc.org> wrote:

> On Thu, Feb 01, 2024 at 09:39:56AM +1100, Tim Cuthbertson wrote:
> > Yeah, setting it to `chmod 000` in just the symlink branch seems good to
> me
> > too.
> >
> > Looking at the script more closely, `mode` is always set and so I'm
> unclear
> > why there is also a `umask 077` at all. Whatever permissions we create
> the
> > file with, we `chmod` it explicitly before doing anything else.
> >
> > Is that line just there to undo the potential change to `umask` in the
> > mkdirp branch? If so, maybe that should be done explicitly by capturing
> the
> > old umask? e.g:
>
> No, it's so that the install.sh never exposes a file to users who
> should not have access to it via the existing umask being more
> permissive than the requested install mode. Normally this does not
> matter for use as part of musl's install process, but the script is
> written to be general and not have security bugs like that.
>
> Rich
>