commit e9b86adf20cebd5b23e404c3dd1779c1074f17c8
from: Markus Uhlin <markus@nifty-networks.net>
date: Fri Aug  1 18:39:34 2025 UTC

UpdateRank: restricted file permissions

commit - 7db4a1f665a36bc2ffcefc9c57245d9ac147c5fb
commit + e9b86adf20cebd5b23e404c3dd1779c1074f17c8
blob - 2f82e626e1374ddab15030502524b95b27ff680b
blob + a719be046b187979a617dd54536d9c1038e19e24
--- FICS/ratings.c
+++ FICS/ratings.c
@@ -1488,7 +1488,8 @@ UpdateRank(int type, char *addName, statistics *sNew, 
 	char		 command[MAX_STRING_LENGTH];
 	char		 line[MAX_RANK_LINE] = { '\0' };
 	char		 login[MAX_LOGIN_NAME] = { '\0' };
-	int		 comp;
+	int		 comp = 0;
+	int		 fd = -1;
 	statistics	 sCur;
 
 	if (GetRankFileName(RankFile, sizeof RankFile, type) < 0)
@@ -1501,9 +1502,17 @@ UpdateRank(int type, char *addName, statistics *sNew, 
 
 	snprintf(TmpRankFile, sizeof TmpRankFile, "%s/tmpRank", sdir);
 
-	if ((fptemp = fopen(TmpRankFile, "w")) == NULL) {
+	errno = 0;
+	fd = open(TmpRankFile, O_WRONLY|O_CREAT, S_IWUSR|S_IRUSR);
+
+	if (fd < 0) {
+		warn("%s: open", __func__);
+		fclose(fp);
+		return;
+	} else if ((fptemp = fdopen(fd, "w")) == NULL) {
 		warn("%s: unable to open rank file for updating", __func__);
 		fclose(fp);
+		close(fd);
 		return;
 	}