| glib-2.0: fix CVE-2019-12450 |
| |
| Not in release 2.61.1. |
| |
| CVE: CVE-2019-12450 |
| |
| Upstream-Status: Backport [github.com/GNOME/glib.git] |
| Signed-off-by: Joe Slater <joe.slater@windrivere.com> |
| --- |
| From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001 |
| From: Ondrej Holy <oholy@redhat.com> |
| Date: Thu, 23 May 2019 10:41:53 +0200 |
| Subject: [PATCH] gfile: Limit access to files when copying |
| |
| file_copy_fallback creates new files with default permissions and |
| set the correct permissions after the operation is finished. This |
| might cause that the files can be accessible by more users during |
| the operation than expected. Use G_FILE_CREATE_PRIVATE for the new |
| files to limit access to those files. |
| --- |
| gio/gfile.c | 11 ++++++----- |
| 1 file changed, 6 insertions(+), 5 deletions(-) |
| |
| diff --git a/gio/gfile.c b/gio/gfile.c |
| index 24b136d80..74b58047c 100644 |
| --- a/gio/gfile.c |
| +++ b/gio/gfile.c |
| @@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source, |
| out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)), |
| FALSE, NULL, |
| flags & G_FILE_COPY_BACKUP, |
| - G_FILE_CREATE_REPLACE_DESTINATION, |
| - info, |
| + G_FILE_CREATE_REPLACE_DESTINATION | |
| + G_FILE_CREATE_PRIVATE, info, |
| cancellable, error); |
| else |
| out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)), |
| - FALSE, 0, info, |
| + FALSE, G_FILE_CREATE_PRIVATE, info, |
| cancellable, error); |
| } |
| else if (flags & G_FILE_COPY_OVERWRITE) |
| @@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source, |
| out = (GOutputStream *)g_file_replace (destination, |
| NULL, |
| flags & G_FILE_COPY_BACKUP, |
| - G_FILE_CREATE_REPLACE_DESTINATION, |
| + G_FILE_CREATE_REPLACE_DESTINATION | |
| + G_FILE_CREATE_PRIVATE, |
| cancellable, error); |
| } |
| else |
| { |
| - out = (GOutputStream *)g_file_create (destination, 0, cancellable, error); |
| + out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error); |
| } |
| |
| if (!out) |
| -- |
| 2.17.1 |
| |