
Potential fix for code scanning alert no. 4558: Time-of-check time-of-use filesystem race condition #370

Merged
GIC-de merged 1 commit into dev from alert-autofix-4558
Feb 24, 2026

@GIC-de
Member

@GIC-de GIC-de commented Jan 29, 2026

Potential fix for https://github.com/rtbrick/bngblaster/security/code-scanning/4558

In general, the way to fix this is to avoid operating on the filename after opening the file and instead operate directly on the file descriptor corresponding to the file that was opened. For permission changes, the secure alternative is fchmod on a file descriptor, rather than chmod on the path. This removes the window where the path could be swapped out from under the process.

For this specific function, bbl_interface_lock in code/bngblaster/src/bbl_interface.c, we already have a FILE *lock_file from fopen(lock_path, "w"). We can obtain its underlying file descriptor using fileno(lock_file) and immediately call fchmod(fd, 0666) before closing the file, instead of calling chmod(lock_path, 0666) after closing it. This atomically ties the permission change to the exact file we just created/opened, eliminating the TOCTOU race on the pathname. Concretely:

  • After successfully opening lock_file and writing the PID, but before fclose(lock_file), introduce an int fd = fileno(lock_file); and, if fd >= 0, call fchmod(fd, 0666). It is sufficient to log an error or ignore failure, but we must not revert to a chmod on the path.
  • Remove the existing chmod(lock_path, 0666); call after fclose(lock_file);.
  • No new headers are needed: fileno is declared in <stdio.h>, already indirectly included by "bbl.h" (and we already include <sys/stat.h> for fchmod’s prototype).

This change preserves existing behavior (trying to set the lock file’s mode to 0666) but does so safely, without changing how the rest of the function works.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
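
The descriptor-based pattern described in the comment above, as an added example that is not part of this pull request or of bngblaster's code. The helper names (`write_lock_file`, `mode_of`, `fchmod_follows_open_file`) and the `/tmp/lockdemo` paths are hypothetical, and the path replacement is constructed to show that `fchmod` stays bound to the file that was opened.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of whatever currently lives at path, or -1 on error. */
int mode_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Hypothetical helper, not bbl_interface_lock: write our PID to lock_path
 * and set mode 0666 through the open descriptor. Returns 0 on success. */
int write_lock_file(const char *lock_path) {
    FILE *lock_file = fopen(lock_path, "w");
    if (!lock_file) return -1;
    int rc = fprintf(lock_file, "%d", (int)getpid()) < 0 ? -1 : 0;
    int fd = fileno(lock_file);
    /* Acts on the inode we opened, whatever the path names by now. */
    if (fd < 0 || fchmod(fd, 0666) != 0) rc = -1;
    if (fclose(lock_file) != 0) rc = -1;
    return rc;
}

/* Constructed scenario: the path is replaced between fopen() and the mode
 * change. Returns 1 if fchmod() changed only the file we opened. */
int fchmod_follows_open_file(const char *path, const char *moved) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    if (rename(path, moved) != 0) { fclose(f); return -1; }
    int other = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (other < 0) { fclose(f); return -1; }
    close(other);
    int before = mode_of(path);            /* mode of the replacement file */
    int rc = fchmod(fileno(f), 0666);
    fclose(f);
    return rc != 0 ? -1 : (mode_of(moved) == 0666 && mode_of(path) == before);
}

int main(void) {
    char dir[] = "/tmp/lockdemoXXXXXX", a[64], b[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(a, sizeof a, "%s/demo.lock", dir);
    snprintf(b, sizeof b, "%s/moved.lock", dir);
    printf("write=%d swap=%d\n", write_lock_file(a), fchmod_follows_open_file(a, b));
    return 0;
}
```

A `chmod(path, 0666)` at the same point in `fchmod_follows_open_file` would have changed the replacement file instead of the one that was opened.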

…-use filesystem race condition

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@hannesgredler
Member

Looks good to me.

@GIC-de GIC-de changed the base branch from main to dev February 24, 2026 12:49
@GIC-de GIC-de marked this pull request as ready for review February 24, 2026 12:49
@GIC-de GIC-de merged commit 076fdb7 into dev Feb 24, 2026
4 checks passed