51ad59
From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001
51ad59
From: Ondrej Holy <oholy@redhat.com>
51ad59
Date: Thu, 23 May 2019 10:41:53 +0200
51ad59
Subject: [PATCH] gfile: Limit access to files when copying
51ad59
51ad59
file_copy_fallback creates new files with default permissions and
51ad59
set the correct permissions after the operation is finished. This
51ad59
might cause that the files can be accessible by more users during
51ad59
the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
51ad59
files to limit access to those files.
51ad59
---
51ad59
 gio/gfile.c | 11 ++++++-----
51ad59
 1 file changed, 6 insertions(+), 5 deletions(-)
51ad59
51ad59
diff --git a/gio/gfile.c b/gio/gfile.c
51ad59
index 24b136d80..74b58047c 100644
51ad59
--- a/gio/gfile.c
51ad59
+++ b/gio/gfile.c
51ad59
@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile                  *source,
51ad59
         out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
51ad59
                                                                    FALSE, NULL,
51ad59
                                                                    flags & G_FILE_COPY_BACKUP,
51ad59
-                                                                   G_FILE_CREATE_REPLACE_DESTINATION,
51ad59
-                                                                   info,
51ad59
+                                                                   G_FILE_CREATE_REPLACE_DESTINATION |
51ad59
+                                                                   G_FILE_CREATE_PRIVATE, info,
51ad59
                                                                    cancellable, error);
51ad59
       else
51ad59
         out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
51ad59
-                                                                  FALSE, 0, info,
51ad59
+                                                                  FALSE, G_FILE_CREATE_PRIVATE, info,
51ad59
                                                                   cancellable, error);
51ad59
     }
51ad59
   else if (flags & G_FILE_COPY_OVERWRITE)
51ad59
@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile                  *source,
51ad59
       out = (GOutputStream *)g_file_replace (destination,
51ad59
                                              NULL,
51ad59
                                              flags & G_FILE_COPY_BACKUP,
51ad59
-                                             G_FILE_CREATE_REPLACE_DESTINATION,
51ad59
+                                             G_FILE_CREATE_REPLACE_DESTINATION |
51ad59
+                                             G_FILE_CREATE_PRIVATE,
51ad59
                                              cancellable, error);
51ad59
     }
51ad59
   else
51ad59
     {
51ad59
-      out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
51ad59
+      out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
51ad59
     }
51ad59
 
51ad59
   if (!out)
51ad59
-- 
51ad59
2.21.0
51ad59