Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
libqt5-qtbase.16542
0001-Fix-open-chmod-race-condition-in-QSaveFile...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Fix-open-chmod-race-condition-in-QSaveFile.patch of Package libqt5-qtbase.16542
From e840a7ed21bc8e93e2e87fec25dd98aa0039fca1 Mon Sep 17 00:00:00 2001 From: Antonio Larrosa <larrosa@kde.org> Date: Tue, 18 Apr 2017 17:56:35 +0200 Subject: [PATCH] Fix open/chmod race condition in QSaveFile This fixes a problem introduced in a60571b3700e80f44705ebc4bab9628cf852891c by which a temporary file could be created with mode 0666 (0644 after applying umask), and then changed to 0600, but in the meantime it would be possible for anyone to get a working file descriptor that could be used to read the file. See https://bugzilla.suse.com/show_bug.cgi?id=1034005. Change-Id: I824025f54d6faf853da88e4dfcb092b577b4df04 --- src/corelib/io/qsavefile.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/corelib/io/qsavefile.cpp b/src/corelib/io/qsavefile.cpp index 5a325f8e2c..af90b96d82 100644 --- a/src/corelib/io/qsavefile.cpp +++ b/src/corelib/io/qsavefile.cpp @@ -216,7 +216,8 @@ bool QSaveFile::open(OpenMode mode) } d->fileEngine = new QTemporaryFileEngine; - static_cast<QTemporaryFileEngine *>(d->fileEngine)->initialize(d->finalFileName, 0666); + int perm = (existingFile.exists() ? 0600 : 0666); + static_cast<QTemporaryFileEngine *>(d->fileEngine)->initialize(d->finalFileName, perm); // Same as in QFile: QIODevice provides the buffering, so there's no need to request it from the file engine. if (!d->fileEngine->open(mode | QIODevice::Unbuffered)) { QFileDevice::FileError err = d->fileEngine->error(); -- 2.12.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor