1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
From c7f7fd53780f8caebccc903d61ffc21632b46a6c Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Tue, 22 Jan 2019 13:26:31 -0500
Subject: [PATCH] keyfile settings: Use tighter permissions
When creating directories, create them with 700 permissions,
instead of 777.
Closes: #1658
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/glib/commit
/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429]
CVE: CVE-2019-13012
Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
---
gio/gkeyfilesettingsbackend.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
index a37978e83..580a0b0a1 100644
--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
@@ -89,7 +89,8 @@ g_keyfile_settings_backend_keyfile_write (GKeyfileSettingsBackend *kfsb)
contents = g_key_file_to_data (kfsb->keyfile, &length, NULL);
g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE,
- G_FILE_CREATE_REPLACE_DESTINATION,
+ G_FILE_CREATE_REPLACE_DESTINATION |
+ G_FILE_CREATE_PRIVATE,
NULL, NULL, NULL);
compute_checksum (kfsb->digest, contents, length);
@@ -640,7 +641,7 @@ g_keyfile_settings_backend_new (const gchar *filename,
kfsb->file = g_file_new_for_path (filename);
kfsb->dir = g_file_get_parent (kfsb->file);
- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL);
+ g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700);
kfsb->file_monitor = g_file_monitor (kfsb->file, 0, NULL, NULL);
kfsb->dir_monitor = g_file_monitor (kfsb->dir, 0, NULL, NULL);
--
2.22.0
|
