From: Ondrej Holy Date: Thu, 23 May 2019 08:41:53 +0000 (+0200) Subject: [CVE-2019-12450]gfile: Limit access to files when copying X-Git-Tag: accepted/tizen/unified/20190604.014623^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6e5e8aaa843238ed8c3125ccd58a474789cff2d9;p=platform%2Fupstream%2Fglib.git [CVE-2019-12450]gfile: Limit access to files when copying file_copy_fallback creates new files with default permissions and set the correct permissions after the operation is finished. This might cause that the files can be accessible by more users during the operation than expected. Use G_FILE_CREATE_PRIVATE for the new files to limit access to those files. Change-Id: Id071a47323fcd0690dec6a5d519d5ab4f2f43562 Signed-off-by: Hyunjee Kim (cherry picked from commit ec54d211518bf3c2f397f565088a7054219f194e)
---
diff --git a/gio/gfile.c b/gio/gfile.c
index af0587b..73aa022 100644
--- a/gio/gfile.c
+++ b/gio/gfile.c
@@ -3159,12 +3159,12 @@ file_copy_fallback (GFile *source,
 out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
 FALSE, NULL,
 flags & G_FILE_COPY_BACKUP,
- G_FILE_CREATE_REPLACE_DESTINATION,
- info,
+ G_FILE_CREATE_REPLACE_DESTINATION |
+ G_FILE_CREATE_PRIVATE, info,
 cancellable, error);
 else
 out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
- FALSE, 0, info,
+ FALSE, G_FILE_CREATE_PRIVATE, info,
 cancellable, error);
 }
 else if (flags & G_FILE_COPY_OVERWRITE)
@@ -3177,7 +3177,7 @@ file_copy_fallback (GFile *source,
 }
 else
 {
- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
+ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
 }

 if (!out)
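Review bot: The body of the `else if (flags & G_FILE_COPY_OVERWRITE)` branch, which is the first hunk's last context line, falls in the unchanged lines 3171-3176 between the two hunks, so this commit leaves that destination-creating path as it was. That body is not visible here. If it opens the destination with only `G_FILE_CREATE_REPLACE_DESTINATION` (presumably through a `g_file_replace` call), a non-local overwrite copy would still expose the file with default permissions while the data is written, which is the window CVE-2019-12450 describes. Please confirm, and if so pass `G_FILE_CREATE_REPLACE_DESTINATION | G_FILE_CREATE_PRIVATE,` there as well so all four creation paths in file_copy_fallback agree.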
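Review bot: The `g_file_create (destination, G_FILE_CREATE_PRIVATE, ...)` call in the final `else` branch, like the two local-file calls in the first hunk, now relies on a later step to widen the mode, and nothing at these call sites says so. Going by the commit message, the correct permissions are applied only after the operation finishes, so a copy whose attribute step fails or is skipped would presumably leave the destination owner-only. That fails closed, but it is a visible behaviour change for callers and worth confirming against the rest of file_copy_fallback, which continues outside the hunk. I would add a comment above the branch such as `/* Create private (CVE-2019-12450): the final mode is set from the source attributes once the data is written. */`.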