authorAntonio Larrosa <larrosa@kde.org>2017-04-18 17:56:35 +0200
committerThiago Macieira <thiago.macieira@intel.com>2017-07-28 21:47:30 +0000
commit23187ade6075e88e9212acef7c829a319f0a39dc (patch)
treebb0c67c9d8ba13387329c71433bc1a8fe498eb32 /src/corelib/io/qsavefile.cpp
parent5978be31295eb78106fa968a86ba3182f31b2d21 (diff)
Fix open/chmod race condition in QSaveFile
This fixes a problem introduced in a60571b3700e80f44705ebc4bab9628cf852891c The problem happens when an application like Kate (actually, ktexteditor) uses QSaveFile to save files. So if you open a secretfile.txt file (with permissions 0600), edit and save it, then QSaveFile currently generates a temporary file with 0666 that afterwards gets chmod'ed to 0600 again, but in between, some other user in the system can open the temporary file and get a file descriptor that would allow him/her to read the contents of a file with 0600 permissions. Change-Id: I824025f54d6faf853da88e4dfcb092b577b4df04 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Diffstat (limited to 'src/corelib/io/qsavefile.cpp')
-rw-r--r--src/corelib/io/qsavefile.cpp6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/corelib/io/qsavefile.cpp b/src/corelib/io/qsavefile.cpp
index 0283c5f31f..3f45ca5f91 100644
--- a/src/corelib/io/qsavefile.cpp
+++ b/src/corelib/io/qsavefile.cpp
@@ -232,7 +232,11 @@ bool QSaveFile::open(OpenMode mode)
}
d->fileEngine = new QTemporaryFileEngine;
- static_cast<QTemporaryFileEngine *>(d->fileEngine)->initialize(d->finalFileName, 0666);
+ // if the target file exists, we'll copy its permissions below,
+ // but until then, let's ensure the temporary file is not accessible
+ // to a third party
+ int perm = (existingFile.exists() ? 0600 : 0666);
+ static_cast<QTemporaryFileEngine *>(d->fileEngine)->initialize(d->finalFileName, perm);
// Same as in QFile: QIODevice provides the buffering, so there's no need to request it from the file engine.
if (!d->fileEngine->open(mode | QIODevice::Unbuffered)) {
QFileDevice::FileError err = d->fileEngine->error();
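Review bot: The comment added above `int perm` explains only the existing-file branch, so the 0666 used for a new target is left unexplained and can be misread as a world-writable temporary file. Presumably that mode is still filtered by the process umask when the engine creates the file (the creation code is not visible in this hunk), so I would add `// new target: 0666 is still masked by the umask, as for a plain create` and declare the value as `const int perm`. The permission copy that the comment points to lies below the hunk. It is worth confirming that a failure of that copy is reported to the caller, because the saved file would otherwise silently stay at 0600 instead of the original mode. QSaveFile::open starts and ends outside the hunk.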