From 976b7bffdeba3614fe20877bf231b46262502596 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann
Date: Wed, 14 Jan 2026 19:57:00 +0100
Subject: [PATCH] vipw: Prefer fchmod/fchown over chmod/chown

Use file descriptor functions when file descriptor is available, instead of path based operations. The latter resolve symbolic links and are prone to race conditions.

Reported-by: Alejandro Colomar
Reviewed-by: Alejandro Colomar
Signed-off-by: Tobias Stoeckmann
---
 src/vipw.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/vipw.c b/src/vipw.c
index da922abe..5ffd1680 100644
--- a/src/vipw.c
+++ b/src/vipw.c
@@ -132,16 +132,18 @@ static int create_backup_file (FILE * fp, char *backup, struct stat *sb)
 unlink (backup);
 return -1;
 }
- if (fclose (bkfp) != 0) {
- unlink (backup);
- return -1;
- }
 ub.actime = sb->st_atime;
 ub.modtime = sb->st_mtime;
 if ( (utime (backup, &ub) != 0)
- || (chmod (backup, sb->st_mode) != 0)
- || (chown (backup, sb->st_uid, sb->st_gid) != 0)) {
+ || (fchmod(fileno(bkfp), sb->st_mode) != 0)
+ || (fchown(fileno(bkfp), sb->st_uid, sb->st_gid) != 0)) {
+ fclose(bkfp);
+ unlink (backup);
+ return -1;
+ }
+
+ if (fclose (bkfp) != 0) {
 unlink (backup);
 return -1;
 }
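Review bot: The first operand of the condition, `utime (backup, &ub)`, is still path-based, so the symlink-resolution and race concern from the commit message applies to it as much as to the two calls that were converted. Where the project's portability targets allow it, the same descriptor can carry the timestamps, e.g. `futimens(fileno(bkfp), (const struct timespec[2]){ sb->st_atim, sb->st_mtim })`, which would also make the `ub` assignments unnecessary. Moving `fclose (bkfp)` after the timestamp call also means any data still buffered in the stream would be written after the times are set and would change mtime again; the flush is not visible in this hunk, so confirm the stream is flushed before this point, and a short comment such as `/* bkfp already flushed above; fclose must not write */` would record that dependency. create_backup_file starts outside the hunk.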