From 0acca27ac7270d05e23f046db5e14611a92c9da8 Mon Sep 17 00:00:00 2001
From: Chris Allegretta <chrisa@asty.org>
Date: Mon, 21 Jun 2010 03:10:10 +0000
Subject: [PATCH] 2010-06-20 Chris Allegretta <chrisa@asty.org>         * New
 option allow_insecure_backup, allows the previous security           fixes
 for backup files to be overridden if you're really positive           you
 want to.  Fixes Savannah bug 29732 by Brian Szymanski <skibrianski>.

git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@4508 35c25a1d-7b9e-4130-9fde-d3aeb78583b8
---
 ChangeLog                | 5 +++++
 doc/man/nanorc.5         | 5 +++++
 doc/syntax/nanorc.nanorc | 2 +-
 src/files.c              | 5 +++--
 src/nano.h               | 1 +
 src/rcfile.c             | 1 +
 6 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 674c1722..d2f82746 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-06-20 Chris Allegretta <chrisa@asty.org>
+	* New rc file option allow_insecure_backup, allows the previous security
+	  fixes for backup files to be overridden if you're really positive
+	  you want to.  Fixes Savannah bug 29732 by Brian Szymanski <skibrianski>.
+
 2010-05-23 Chris Allegretta <chrisa@asty.org>
 	* files.c (write_file): Don't even try to chown() the backup
 	  file unless we're root, since it's probably going to fail if
diff --git a/doc/man/nanorc.5 b/doc/man/nanorc.5
index fcc80889..3af57aa1 100644
--- a/doc/man/nanorc.5
+++ b/doc/man/nanorc.5
@@ -57,6 +57,11 @@ match \fI"\fP, \fI'\fP, \fI)\fP, \fI>\fP, \fI]\fP, and \fI}\fP.
 The supported commands and arguments are:
 
 .TP 3
+.B set/unset allow_insecure_backup
+When backing up files, allow the backup to succeed even if its permissions
+can't be (re)set due to special OS considerations.  You should 
+NOT enable this option unless you are sure you need it.
+.TP
 .B set/unset autoindent
 Use auto-indentation.
 .TP
diff --git a/doc/syntax/nanorc.nanorc b/doc/syntax/nanorc.nanorc
index 4b89faf0..19ab5332 100644
--- a/doc/syntax/nanorc.nanorc
+++ b/doc/syntax/nanorc.nanorc
@@ -4,7 +4,7 @@ syntax "nanorc" "\.?nanorc$"
 ## Possible errors and parameters
 icolor brightwhite "^[[:space:]]*((un)?set|include|syntax|i?color).*$"
 ## Keywords
-icolor brightgreen "^[[:space:]]*(set|unset)[[:space:]]+(autoindent|backup|backupdir|backwards|boldtext|brackets|casesensitive|const|cut|fill|historylog|matchbrackets|morespace|mouse|multibuffer|noconvert|nofollow|nohelp|nonewlines|nowrap|operatingdir|preserve|punct)\>" "^[[:space:]]*(set|unset)[[:space:]]+(quickblank|quotestr|rebinddelete|rebindkeypad|regexp|smarthome|smooth|softwrap|speller|suspend|suspendenable|tabsize|tabstospaces|tempfile|undo|view|whitespace|wordbounds)\>"
+icolor brightgreen "^[[:space:]]*(set|unset)[[:space:]]+(allow_insecure_backup|autoindent|backup|backupdir|backwards|boldtext|brackets|casesensitive|const|cut|fill|historylog|matchbrackets|morespace|mouse|multibuffer|noconvert|nofollow|nohelp|nonewlines|nowrap|operatingdir|preserve|punct)\>" "^[[:space:]]*(set|unset)[[:space:]]+(quickblank|quotestr|rebinddelete|rebindkeypad|regexp|smarthome|smooth|softwrap|speller|suspend|suspendenable|tabsize|tabstospaces|tempfile|undo|view|whitespace|wordbounds)\>"
 icolor green "^[[:space:]]*(set|unset|include|syntax|header)\>"
 ## Colors
 icolor yellow "^[[:space:]]*i?color[[:space:]]*(bright)?(white|black|red|blue|green|yellow|magenta|cyan)?(,(white|black|red|blue|green|yellow|magenta|cyan))?\>"
diff --git a/src/files.c b/src/files.c
index 6f4b9182..7b237029 100644
--- a/src/files.c
+++ b/src/files.c
@@ -1615,7 +1615,8 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
         /* We shouldn't worry about chown()ing something if we're not
 	   root, since it's likely to fail! */
 	if (geteuid() == NANO_ROOT_UID && fchown(backup_fd,
-		openfile->current_stat->st_uid, openfile->current_stat->st_gid) == -1 ) {
+		openfile->current_stat->st_uid, openfile->current_stat->st_gid) == -1
+                && !ISSET(INSECURE_BACKUP)) {
 	    statusbar(_("Error writing backup file %s: %s"), backupname,
 		strerror(errno));
 	    free(backupname);
@@ -1623,7 +1624,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
 	    goto cleanup_and_exit;
 	}
 
-	if (fchmod(backup_fd, openfile->current_stat->st_mode) == -1) {
+	if (fchmod(backup_fd, openfile->current_stat->st_mode) == -1 && !ISSET(INSECURE_BACKUP)) {
 	    statusbar(_("Error writing backup file %s: %s"), backupname,
 		strerror(errno));
 	    free(backupname);
diff --git a/src/nano.h b/src/nano.h
index 009c9f2c..0c4d8f85 100644
--- a/src/nano.h
+++ b/src/nano.h
@@ -480,6 +480,7 @@ enum
     REBIND_KEYPAD,
     NO_CONVERT,
     BACKUP_FILE,
+    INSECURE_BACKUP,
     NO_COLOR_SYNTAX,
     PRESERVE,
     HISTORYLOG,
diff --git a/src/rcfile.c b/src/rcfile.c
index 75d6a951..53504699 100644
--- a/src/rcfile.c
+++ b/src/rcfile.c
@@ -77,6 +77,7 @@ static const rcoption rcopts[] = {
 #ifndef NANO_TINY
     {"autoindent", AUTOINDENT},
     {"backup", BACKUP_FILE},
+    {"allow_insecure_backup", INSECURE_BACKUP},
     {"backupdir", 0},
     {"backwards", BACKWARDS_SEARCH},
     {"casesensitive", CASE_SENSITIVE},
-- 
GitLab