commit 0d1381adf9666e11bfaa6379549bc81cb2328e72
parent cdb5b16198528aeceff0b4e23b047cb6e2fbffa4
Author: Chris Allegretta <chrisa@asty.org>
Date: Wed, 7 Apr 2010 05:48:24 +0000
* files.c (do_writeout): Also abort on writing a backup
file when its owner doesn't match the edited file.
git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@4491 35c25a1d-7b9e-4130-9fde-d3aeb78583b8
Diffstat:
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,8 +1,9 @@
2010-04-02 Chris Allegretta <chrisa@asty.org>
* files.c (do_writeout): Expand modification check to include both the
original file's device ID and inode number as reasons to warn the
- user that the file has been modified. Based on security article on nano
- by Dan Rosenberg.
+ user that the file has been modified. Also abort on writing a backup
+ file when its owner doesn't match the edited file. Based on security
+ analysis on nano by Dan Rosenberg.
2010-03-21 Chris Allegretta <chrisa@asty.org>
* nano.c (page_stdin et al): Don't attempt to reset/reopen the terminal
diff --git a/src/files.c b/src/files.c
@@ -1519,6 +1519,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
char *backupname;
struct utimbuf filetime;
int copy_status;
+ struct stat backupst;
/* Save the original file's access and modification times. */
filetime.actime = openfile->current_stat->st_atime;
@@ -1588,6 +1589,15 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
sprintf(backupname, "%s~", realname);
}
+ if (stat(backupname, &backupst) != -1 &&
+ (backupst.st_uid != st.st_uid)) {
+ statusbar(_("Error writing backup file %s: Permission mismatch"), backupname,
+ strerror(errno));
+ free(backupname);
+ goto cleanup_and_exit;
+ }
+
+
/* Open the destination backup file. Before we write to it, we
* set its permissions, so no unauthorized person can read it as
* we write. */
