diff options
author | Antonio Larrosa <larrosa@kde.org> | 2017-04-18 17:56:35 +0200 |
---|---|---|
committer | Thiago Macieira <thiago.macieira@intel.com> | 2017-07-28 21:47:30 +0000 |
commit | 23187ade6075e88e9212acef7c829a319f0a39dc (patch) | |
tree | bb0c67c9d8ba13387329c71433bc1a8fe498eb32 /src/widgets/dialogs | |
parent | 5978be31295eb78106fa968a86ba3182f31b2d21 (diff) |
Fix open/chmod race condition in QSaveFile
This fixes a problem introduced in a60571b3700e80f44705ebc4bab9628cf852891c
The problem happens when an application like Kate (actually, ktexteditor)
uses QSaveFile to save files. So if you open a secretfile.txt file (with
permissions 0600), edit and save it, then QSaveFile currently
generates a temporary file with 0666 that afterwards gets chmod'ed to
0600 again, but in between, some other user in the system can open the
temporary file and get a file descriptor that would allow him/her to read
the contents of a file with 0600 permissions.
Change-Id: I824025f54d6faf853da88e4dfcb092b577b4df04
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Diffstat (limited to 'src/widgets/dialogs')
0 files changed, 0 insertions, 0 deletions