[balsa] Fix unsafe permissions for config-private

From: Peter Bloomfield <peterb src gnome org>
To: commits-list gnome org
Cc:
Subject: [balsa] Fix unsafe permissions for config-private
Date: Mon, 20 Feb 2017 00:01:07 +0000 (UTC)

commit 47b3c99be91645136e2e563bff180b47ed3ce1d0
Author: Albrecht Dreß <albrecht dress arcor de>
Date:   Sun Feb 19 18:40:16 2017 -0500

    Fix unsafe permissions for config-private
    
        * libbalsa/libbalsa-conf.c (lbc_init), (lbc_lock), (lbc_sync):
          ensure that permissons on $HOME/.balsa/config-private are 0600
          after saving it.
    
    Signed-off-by: Peter Bloomfield <PeterBloomfield bellsouth net>

 ChangeLog                |    8 ++++++++
 libbalsa/libbalsa-conf.c |   10 +++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index f52dfa9..0164eb2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-02-19  Albrecht Dreß
+
+       Fix unsafe permissions for config-private
+
+       * libbalsa/libbalsa-conf.c (lbc_init), (lbc_lock), (lbc_sync):
+         ensure that permissons on $HOME/.balsa/config-private are 0600
+         after saving it.
+
 2017-02-08  Peter Bloomfield  <pbloomfield bellsouth net>
 
        Do not access a stale pointer
diff --git a/libbalsa/libbalsa-conf.c b/libbalsa/libbalsa-conf.c
index efdab06..4e53f5a 100644
--- a/libbalsa/libbalsa-conf.c
+++ b/libbalsa/libbalsa-conf.c
@@ -41,6 +41,7 @@ typedef struct {
     gchar *path;
     guint changes;
     time_t mtime;
+    gboolean private;
 } LibBalsaConf;
 
 static LibBalsaConf lbc_conf;
@@ -77,12 +78,13 @@ lbc_readfile(const gchar * filename)
 
 static void
 lbc_init(LibBalsaConf * conf, const gchar * filename,
-         const gchar * old_dir)
+         const gchar * old_dir, gboolean private)
 {
     struct stat buf;
     GError *error = NULL;
     gint rc;
 
+    conf->private = private;
     if (!conf->path)
         conf->path =
             g_build_filename(g_get_home_dir(), ".balsa", filename, NULL);
@@ -153,8 +155,8 @@ lbc_lock(void)
 
     g_rec_mutex_lock(&lbc_mutex);
     if (!initialized) {
-        lbc_init(&lbc_conf, "config", ".gnome2");
-        lbc_init(&lbc_conf_priv, "config-private", ".gnome2_private");
+        lbc_init(&lbc_conf, "config", ".gnome2", FALSE);
+        lbc_init(&lbc_conf_priv, "config-private", ".gnome2_private", TRUE);
         initialized = TRUE;
     }
 }
@@ -511,6 +513,8 @@ lbc_sync(LibBalsaConf * conf)
                           " changes not saved", conf->path);
 #endif                          /* DEBUG */
         }
+    } else if (conf->private) {
+        g_chmod(conf->path, 0600);
     }
 
     g_free(buf);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]