CVE-2019-12450: gfile: Limit access to files when copying (d8f8f4d6) · Commits · GNOME / GLib · GitLab
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
Commit d8f8f4d6 authored May 23, 2019 by
gfile: Limit access to files when copying
file_copy_fallback creates new files with default permissions and sets the correct permissions after the operation is finished. As a result, the files might be accessible to more users than expected while the operation is in progress. Use G_FILE_CREATE_PRIVATE for the new files to limit access to those files.
…
…
@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
FALSE, NULL,
flags & G_FILE_COPY_BACKUP,
G_FILE_CREATE_REPLACE_DESTINATION,
info,
G_FILE_CREATE_REPLACE_DESTINATION |
G_FILE_CREATE_PRIVATE, info,
cancellable, error);
else
out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
FALSE, 0, info,
FALSE, G_FILE_CREATE_PRIVATE, info,
cancellable, error);
}
else if (flags & G_FILE_COPY_OVERWRITE)
…
…
@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
out = (GOutputStream *)g_file_replace (destination,
NULL,
flags & G_FILE_COPY_BACKUP,
G_FILE_CREATE_REPLACE_DESTINATION,
G_FILE_CREATE_REPLACE_DESTINATION |
G_FILE_CREATE_PRIVATE,
cancellable, error);
}
else
{
out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
}
if (!out)
…
…
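Review bot: All four creation calls (`_g_local_file_output_stream_replace`, `_g_local_file_output_stream_create`, `g_file_replace`, `g_file_create`) now hard-code `G_FILE_CREATE_PRIVATE`, but the step that later applies the source's permissions is not in the displayed lines, so the final mode of the destination rests on code outside this view. If that step is best-effort or can be skipped (for example when the destination rejects the attribute change), the copy would presumably stay owner-only; it is worth confirming that this fail-closed outcome is intended and covered by a test. In the two local-file calls `info` is still passed alongside the flag, and the hunk does not show which of the two decides the creation mode. A comment above the first call would record the intent, e.g. `/* Create the destination owner-only; the source's permissions are applied only after the data has been copied. */`. file_copy_fallback begins and ends outside the displayed hunks.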
mentioned in merge request !1134 (merged)
mentioned in merge request !1134
mentioned in commit 53f6ede6
mentioned in commit 53f6ede62819fca7082e7cc1ed89edb799991f9a
mentioned in commit 56e244ec
mentioned in commit 56e244ecdf9e9419f52b24858d23a014f32fa5a9
mentioned in commit b37d628c
mentioned in commit b37d628c01da0bd61348b3ac73b7a436af008d8d