Commit 0d1381ad authored by Chris Allegretta

* files.c (do_writeout): Also abort on writing a backup
          file when its owner doesn't match the edited file.

git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@4491 35c25a1d-7b9e-4130-9fde-d3aeb78583b8
parent cdb5b161
Showing with 13 additions and 2 deletions
2010-04-02 Chris Allegretta <chrisa@asty.org> 2010-04-02 Chris Allegretta <chrisa@asty.org>
* files.c (do_writeout): Expand modification check to include both the * files.c (do_writeout): Expand modification check to include both the
original file's device ID and inode number as reasons to warn the original file's device ID and inode number as reasons to warn the
user that the file has been modified. Based on security article on nano user that the file has been modified. Also abort on writing a backup
by Dan Rosenberg. file when its owner doesn't match the edited file. Based on security
analysis on nano by Dan Rosenberg.
2010-03-21 Chris Allegretta <chrisa@asty.org> 2010-03-21 Chris Allegretta <chrisa@asty.org>
* nano.c (page_stdin et al): Don't attempt to reset/reopen the terminal * nano.c (page_stdin et al): Don't attempt to reset/reopen the terminal
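Review bot: The added ChangeLog text attributes the backup-owner check to files.c (do_writeout), but both code hunks in this commit are headed write_file(), so the entry should name write_file (or list both functions) to let someone searching the ChangeLog find the change. It would also help to state what the user sees on a mismatch, namely that the save is aborted with the "Permission mismatch" status-bar error.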
......
...@@ -1519,6 +1519,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type ...@@ -1519,6 +1519,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
char *backupname; char *backupname;
struct utimbuf filetime; struct utimbuf filetime;
int copy_status; int copy_status;
struct stat backupst;
/* Save the original file's access and modification times. */ /* Save the original file's access and modification times. */
filetime.actime = openfile->current_stat->st_atime; filetime.actime = openfile->current_stat->st_atime;
...@@ -1588,6 +1589,15 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type ...@@ -1588,6 +1589,15 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
sprintf(backupname, "%s~", realname); sprintf(backupname, "%s~", realname);
} }
if (stat(backupname, &backupst) != -1 &&
(backupst.st_uid != st.st_uid)) {
statusbar(_("Error writing backup file %s: Permission mismatch"), backupname,
strerror(errno));
free(backupname);
goto cleanup_and_exit;
}
/* Open the destination backup file. Before we write to it, we /* Open the destination backup file. Before we write to it, we
* set its permissions, so no unauthorized person can read it as * set its permissions, so no unauthorized person can read it as
* we write. */ * we write. */
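Review bot: In the added statusbar() call the format string has one %s but two arguments are passed, backupname and strerror(errno); the second is never printed, and errno carries no meaning on this path because the branch is only taken when stat() succeeded, so drop the strerror(errno) argument. Separately, the ownership test uses stat() on the path, which follows symbolic links, and the backup is opened by name only afterwards (per the comment that follows), so the owner that was checked is not guaranteed to be the owner of the file that ends up being written. Consider lstat() for the check, or opening the backup first and comparing fstat() on the descriptor against st.st_uid. The new if block also has no comment; one line stating why an owner mismatch aborts the write would match the commented code around it.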
......