[glib/mcatanzaro/glib-2-56-rhel8: 5/45] gfile: Limit access to files when copying

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib/mcatanzaro/glib-2-56-rhel8: 5/45] gfile: Limit access to files when copying
Date: Wed, 10 Nov 2021 22:05:58 +0000 (UTC)


commit 4088f3017dd5a8d10760a8e069e05f81335d559c
Author: Ondrej Holy <oholy redhat com>
Date:   Thu May 23 10:41:53 2019 +0200

    gfile: Limit access to files when copying
    
    file_copy_fallback creates new files with default permissions and
    set the correct permissions after the operation is finished. This
    might cause that the files can be accessible by more users during
    the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
    files to limit access to those files.

 gio/gfile.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
---
diff --git a/gio/gfile.c b/gio/gfile.c
index a67aad383..ff313ebf8 100644
--- a/gio/gfile.c
+++ b/gio/gfile.c
@@ -3279,12 +3279,12 @@ file_copy_fallback (GFile                  *source,
         out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE 
(destination)),
                                                                    FALSE, NULL,
                                                                    flags & G_FILE_COPY_BACKUP,
-                                                                   G_FILE_CREATE_REPLACE_DESTINATION,
-                                                                   info,
+                                                                   G_FILE_CREATE_REPLACE_DESTINATION |
+                                                                   G_FILE_CREATE_PRIVATE, info,
                                                                    cancellable, error);
       else
         out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE 
(destination)),
-                                                                  FALSE, 0, info,
+                                                                  FALSE, G_FILE_CREATE_PRIVATE, info,
                                                                   cancellable, error);
     }
   else if (flags & G_FILE_COPY_OVERWRITE)
@@ -3292,12 +3292,13 @@ file_copy_fallback (GFile                  *source,
       out = (GOutputStream *)g_file_replace (destination,
                                              NULL,
                                              flags & G_FILE_COPY_BACKUP,
-                                             G_FILE_CREATE_REPLACE_DESTINATION,
+                                             G_FILE_CREATE_REPLACE_DESTINATION |
+                                             G_FILE_CREATE_PRIVATE,
                                              cancellable, error);
     }
   else
     {
-      out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
+      out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
     }
 
   if (!out)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]