From 0d1381adf9666e11bfaa6379549bc81cb2328e72 Mon Sep 17 00:00:00 2001
From: Chris Allegretta <chrisa@asty.org>
Date: Wed, 7 Apr 2010 05:48:24 +0000
Subject: [PATCH]         * files.c (do_writeout): Also abort on writing a
 backup           file when its owner doesn't match the edited file.

git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@4491 35c25a1d-7b9e-4130-9fde-d3aeb78583b8
---
 ChangeLog   |  5 +++--
 src/files.c | 10 ++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3c4edf96..fceeddaf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,9 @@
 2010-04-02 Chris Allegretta <chrisa@asty.org>
 	* files.c (do_writeout): Expand modification check to include both the
 	  original file's device ID and inode number as reasons to warn the 
-          user that the file has been modified.  Based on security article on nano
-          by Dan Rosenberg.
+          user that the file has been modified.  Also abort on writing a backup
+	  file when its owner doesn't match the edited file. Based on security 
+	  analysis on nano by Dan Rosenberg.
 
 2010-03-21 Chris Allegretta <chrisa@asty.org>
 	* nano.c (page_stdin et al): Don't attempt to reset/reopen the terminal
diff --git a/src/files.c b/src/files.c
index 8e63903a..632c0f9a 100644
--- a/src/files.c
+++ b/src/files.c
@@ -1519,6 +1519,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
 	char *backupname;
 	struct utimbuf filetime;
 	int copy_status;
+	struct stat backupst;
 
 	/* Save the original file's access and modification times. */
 	filetime.actime = openfile->current_stat->st_atime;
@@ -1588,6 +1589,15 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
 	    sprintf(backupname, "%s~", realname);
 	}
 
+	if (stat(backupname, &backupst) != -1 &&
+	    (backupst.st_uid != st.st_uid)) {
+	    statusbar(_("Error writing backup file %s: Permission mismatch"), backupname,
+		strerror(errno));
+	    free(backupname);
+	    goto cleanup_and_exit;
+	}
+
+
 	/* Open the destination backup file.  Before we write to it, we
 	 * set its permissions, so no unauthorized person can read it as
 	 * we write. */
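Review bot: The owner check at `stat(backupname, &backupst)` examines the path rather than the file that is opened afterwards, and it follows symlinks, so the backup target can still be replaced between this check and the open that follows below the hunk. A tighter form is to open the backup first with flags that refuse symlinks and then compare `st_uid` via `fstat()` on that descriptor; if the path check is kept, `lstat()` plus an `S_ISLNK(backupst.st_mode)` rejection at least closes the symlink case. Separately, the `statusbar` call passes `strerror(errno)` although the format has a single `%s` and errno is not set when stat() succeeds, so that argument should be dropped: `statusbar(_("Error writing backup file %s: Permission mismatch"), backupname);`. write_file begins and ends outside the hunk, so how `st` is filled and how the backup file is opened are not visible here.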
-- 
GitLab