| From cf09035d361287dfadc93f09272ce68b4a9457ad Mon Sep 17 00:00:00 2001 |
| From: Ondrej Holy <oholy@redhat.com> |
| Date: Thu, 23 May 2019 10:41:53 +0200 |
| Subject: [PATCH] gfile: Limit access to files when copying |
| |
| file_copy_fallback creates new files with default permissions and |
| set the correct permissions after the operation is finished. This |
| might cause that the files can be accessible by more users during |
| the operation than expected. Use G_FILE_CREATE_PRIVATE for the new |
| files to limit access to those files. |
| |
| (cherry picked from commit d8f8f4d637ce43f8699ba94c9b7648beda0ca174) |
| Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
| --- |
| gio/gfile.c | 11 ++++++----- |
| 1 file changed, 6 insertions(+), 5 deletions(-) |
| |
| diff --git a/gio/gfile.c b/gio/gfile.c |
| index a67aad383..ff313ebf8 100644 |
| --- a/gio/gfile.c |
| +++ b/gio/gfile.c |
| @@ -3279,12 +3279,12 @@ file_copy_fallback (GFile *source, |
| out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)), |
| FALSE, NULL, |
| flags & G_FILE_COPY_BACKUP, |
| - G_FILE_CREATE_REPLACE_DESTINATION, |
| - info, |
| + G_FILE_CREATE_REPLACE_DESTINATION | |
| + G_FILE_CREATE_PRIVATE, info, |
| cancellable, error); |
| else |
| out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)), |
| - FALSE, 0, info, |
| + FALSE, G_FILE_CREATE_PRIVATE, info, |
| cancellable, error); |
| } |
| else if (flags & G_FILE_COPY_OVERWRITE) |
| @@ -3292,12 +3292,13 @@ file_copy_fallback (GFile *source, |
| out = (GOutputStream *)g_file_replace (destination, |
| NULL, |
| flags & G_FILE_COPY_BACKUP, |
| - G_FILE_CREATE_REPLACE_DESTINATION, |
| + G_FILE_CREATE_REPLACE_DESTINATION | |
| + G_FILE_CREATE_PRIVATE, |
| cancellable, error); |
| } |
| else |
| { |
| - out = (GOutputStream *)g_file_create (destination, 0, cancellable, error); |
| + out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error); |
| } |
| |
| if (!out) |
| -- |
| 2.11.0 |
| |