os: document file mode of temporary files

Fixes #66784

Change-Id: Ifd17e0830e04e7028d8a876c6c12c496f5167887
Reviewed-on: https://go-review.googlesource.com/c/go/+/578395
Auto-Submit: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Alan Donovan <adonovan@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

diff --git a/src/os/tempfile.go b/src/os/tempfile.go
index 5ccc0062965a884e1de94cccb965ecc305990456..af70b360b3a0f0ef0bb16dc0d98ce797ca1b9b4f 100644 (file)
--- a/src/os/tempfile.go
+++ b/src/os/tempfile.go
@@ -27,6 +27,7 @@ func nextRandom() string {
 // opens the file for reading and writing, and returns the resulting file.
 // The filename is generated by taking pattern and adding a random string to the end.
 // If pattern includes a "*", the random string replaces the last "*".
+// The file is created with mode 0o600 (before umask).
 // If dir is the empty string, CreateTemp uses the default directory for temporary files, as returned by [TempDir].
 // Multiple programs or goroutines calling CreateTemp simultaneously will not choose the same file.
 // The caller can use the file's Name method to find the pathname of the file.
@@ -78,6 +79,7 @@ func prefixAndSuffix(pattern string) (prefix, suffix string, err error) {
 // and returns the pathname of the new directory.
 // The new directory's name is generated by adding a random string to the end of pattern.
 // If pattern includes a "*", the random string replaces the last "*" instead.
+// The directory is created with mode 0o700 (before umask).
 // If dir is the empty string, MkdirTemp uses the default directory for temporary files, as returned by TempDir.
 // Multiple programs or goroutines calling MkdirTemp simultaneously will not choose the same directory.
 // It is the caller's responsibility to remove the directory when it is no longer needed.