summaryrefslogtreecommitdiff
path: root/gio/glocalfile.c
diff options
context:
space:
mode:
authorColin Walters <walters@verbum.org>2013-05-12 07:28:01 +0100
committerColin Walters <walters@verbum.org>2013-06-05 19:00:20 +0100
commit9f1a0b57cdca9eb2f9d8a8ecd414369df739fb8d (patch)
treec31cdd02c402cc856eb80fd4c41c56df5f66c6d3 /gio/glocalfile.c
parent02aaef5a4dd92fe3a3f3a7c4ccebf22ca1ba2644 (diff)
downloadglib-9f1a0b57cdca9eb2f9d8a8ecd414369df739fb8d.tar.gz
glib-9f1a0b57cdca9eb2f9d8a8ecd414369df739fb8d.tar.bz2
glib-9f1a0b57cdca9eb2f9d8a8ecd414369df739fb8d.zip
Ensure g_file_copy() does not temporarily expose private files
Previously, g_file_copy() would (on Unix) create files with the default mode of 644. For applications which might at user request copy arbitrary private files such as ~/.ssh or /etc/shadow, a world-readable copy would be temporarily exposed. This patch is suboptimal in that it *only* fixes g_file_copy() for the case where both source and destination are instances of GLocalFile on Unix. The reason for this is that the public GFile APIs for creating files allow very limited control over the access permissions for the created file; one can either say a file is "private" or not. Fixing this by adding e.g. g_file_create_with_attributes() would make sense, except this would entail 8 new API calls for all the variants of _create(), _create_async(), _replace(), _replace_async(), _create_readwrite(), _create_readwrite_async(), _replace_readwrite(), _replace_readwrite_async(). That can be done as a separate patch later. https://bugzilla.gnome.org/show_bug.cgi?id=699959
Diffstat (limited to 'gio/glocalfile.c')
-rw-r--r--gio/glocalfile.c23
1 files changed, 14 insertions, 9 deletions
diff --git a/gio/glocalfile.c b/gio/glocalfile.c
index 9007faab5..a4196dcc0 100644
--- a/gio/glocalfile.c
+++ b/gio/glocalfile.c
@@ -187,6 +187,11 @@ g_local_file_init (GLocalFile *local)
{
}
+const char *
+_g_local_file_get_filename (GLocalFile *file)
+{
+ return file->filename;
+}
static char *
canonicalize_filename (const char *filename)
@@ -1396,8 +1401,8 @@ g_local_file_create (GFile *file,
GError **error)
{
return _g_local_file_output_stream_create (G_LOCAL_FILE (file)->filename,
- FALSE,
- flags, cancellable, error);
+ FALSE, flags, NULL,
+ cancellable, error);
}
static GFileOutputStream *
@@ -1409,9 +1414,9 @@ g_local_file_replace (GFile *file,
GError **error)
{
return _g_local_file_output_stream_replace (G_LOCAL_FILE (file)->filename,
- FALSE,
- etag, make_backup, flags,
- cancellable, error);
+ FALSE,
+ etag, make_backup, flags, NULL,
+ cancellable, error);
}
static GFileIOStream *
@@ -1443,7 +1448,7 @@ g_local_file_create_readwrite (GFile *file,
GFileIOStream *res;
output = _g_local_file_output_stream_create (G_LOCAL_FILE (file)->filename,
- TRUE, flags,
+ TRUE, flags, NULL,
cancellable, error);
if (output == NULL)
return NULL;
@@ -1465,9 +1470,9 @@ g_local_file_replace_readwrite (GFile *file,
GFileIOStream *res;
output = _g_local_file_output_stream_replace (G_LOCAL_FILE (file)->filename,
- TRUE,
- etag, make_backup, flags,
- cancellable, error);
+ TRUE,
+ etag, make_backup, flags, NULL,
+ cancellable, error);
if (output == NULL)
return NULL;