mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-08-01 15:03:39 +02:00
Ensure g_file_copy() does not temporarily expose private files
Previously, g_file_copy() would (on Unix) create files with the default mode of 644. For applications which might at user request copy arbitrary private files such as ~/.ssh or /etc/shadow, a world-readable copy would be temporarily exposed. This patch is suboptimal in that it *only* fixes g_file_copy() for the case where both source and destination are instances of GLocalFile on Unix. The reason for this is that the public GFile APIs for creating files allow very limited control over the access permissions for the created file; one can either say a file is "private" or not. Fixing this by adding e.g. g_file_create_with_attributes() would make sense, except this would entail 8 new API calls for all the variants of _create(), _create_async(), _replace(), _replace_async(), _create_readwrite(), _create_readwrite_async(), _replace_readwrite(), _replace_readwrite_async(). That can be done as a separate patch later. https://bugzilla.gnome.org/show_bug.cgi?id=699959
This commit is contained in:
Colin Walters
@@ -67,6 +67,7 @@ GFileOutputStream * _g_local_file_output_stream_open (const char *file
|
||||
GFileOutputStream * _g_local_file_output_stream_create (const char *filename,
|
||||
gboolean readable,
|
||||
GFileCreateFlags flags,
|
||||
GFileInfo *reference_info,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
GFileOutputStream * _g_local_file_output_stream_append (const char *filename,
|
||||
@@ -78,6 +79,7 @@ GFileOutputStream * _g_local_file_output_stream_replace (const char *file
|
||||
const char *etag,
|
||||
gboolean create_backup,
|
||||
GFileCreateFlags flags,
|
||||
GFileInfo *reference_info,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user