diff options
| author | Colin Walters <walters@verbum.org> | 2013-05-12 07:28:01 +0100 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2013-06-05 19:00:20 +0100 |
| commit | 9f1a0b57cdca9eb2f9d8a8ecd414369df739fb8d (patch) | |
| tree | c31cdd02c402cc856eb80fd4c41c56df5f66c6d3 /gio/glocalfile.c | |
| parent | 02aaef5a4dd92fe3a3f3a7c4ccebf22ca1ba2644 (diff) | |
| download | glib-9f1a0b57cdca9eb2f9d8a8ecd414369df739fb8d.tar.gz glib-9f1a0b57cdca9eb2f9d8a8ecd414369df739fb8d.tar.bz2 glib-9f1a0b57cdca9eb2f9d8a8ecd414369df739fb8d.zip | |
Ensure g_file_copy() does not temporarily expose private files
Previously, g_file_copy() would (on Unix) create files with the
default mode of 644. For applications which might at user request
copy arbitrary private files such as ~/.ssh or /etc/shadow, a
world-readable copy would be temporarily exposed.
This patch is suboptimal in that it *only* fixes g_file_copy()
for the case where both source and destination are instances of
GLocalFile on Unix.
The reason for this is that the public GFile APIs for creating files
allow very limited control over the access permissions for the created
file; one can either say a file is "private" or not. Fixing
this by adding e.g. g_file_create_with_attributes() would make sense,
except this would entail 8 new API calls for all the variants of
_create(), _create_async(), _replace(), _replace_async(),
_create_readwrite(), _create_readwrite_async(), _replace_readwrite(),
_replace_readwrite_async(). That can be done as a separate patch
later.
https://bugzilla.gnome.org/show_bug.cgi?id=699959
Diffstat (limited to 'gio/glocalfile.c')
| -rw-r--r-- | gio/glocalfile.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/gio/glocalfile.c b/gio/glocalfile.c index 9007faab5..a4196dcc0 100644 --- a/gio/glocalfile.c +++ b/gio/glocalfile.c @@ -187,6 +187,11 @@ g_local_file_init (GLocalFile *local) { } +const char * +_g_local_file_get_filename (GLocalFile *file) +{ + return file->filename; +} static char * canonicalize_filename (const char *filename) @@ -1396,8 +1401,8 @@ g_local_file_create (GFile *file, GError **error) { return _g_local_file_output_stream_create (G_LOCAL_FILE (file)->filename, - FALSE, - flags, cancellable, error); + FALSE, flags, NULL, + cancellable, error); } static GFileOutputStream * @@ -1409,9 +1414,9 @@ g_local_file_replace (GFile *file, GError **error) { return _g_local_file_output_stream_replace (G_LOCAL_FILE (file)->filename, - FALSE, - etag, make_backup, flags, - cancellable, error); + FALSE, + etag, make_backup, flags, NULL, + cancellable, error); } static GFileIOStream * @@ -1443,7 +1448,7 @@ g_local_file_create_readwrite (GFile *file, GFileIOStream *res; output = _g_local_file_output_stream_create (G_LOCAL_FILE (file)->filename, - TRUE, flags, + TRUE, flags, NULL, cancellable, error); if (output == NULL) return NULL; @@ -1465,9 +1470,9 @@ g_local_file_replace_readwrite (GFile *file, GFileIOStream *res; output = _g_local_file_output_stream_replace (G_LOCAL_FILE (file)->filename, - TRUE, - etag, make_backup, flags, - cancellable, error); + TRUE, + etag, make_backup, flags, NULL, + cancellable, error); if (output == NULL) return NULL; |