From 23187ade6075e88e9212acef7c829a319f0a39dc Mon Sep 17 00:00:00 2001 From: Antonio Larrosa Date: Tue, 18 Apr 2017 17:56:35 +0200 Subject: [PATCH] Fix open/chmod race condition in QSaveFile This fixes a problem introduced in a60571b3700e80f44705ebc4bab9628cf852891c The problem happens when an application like Kate (actually, ktexteditor) uses QSaveFile to save files. So if you open a secretfile.txt file (with permissions 0600), edit and save it, then QSaveFile currently generates a temporary file with 0666 that afterwards gets chmod'ed to 0600 again, but in between, some other user in the system can open the temporary file and get a file descriptor that would allow him/her to read the contents of a file with 0600 permissions. Change-Id: I824025f54d6faf853da88e4dfcb092b577b4df04 Reviewed-by: Thiago Macieira Reviewed-by: Oswald Buddenhagen --- src/corelib/io/qsavefile.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/corelib/io/qsavefile.cpp b/src/corelib/io/qsavefile.cpp index 0283c5f31fb..3f45ca5f913 100644 --- a/src/corelib/io/qsavefile.cpp +++ b/src/corelib/io/qsavefile.cpp @@ -232,7 +232,11 @@ bool QSaveFile::open(OpenMode mode) } d->fileEngine = new QTemporaryFileEngine; - static_cast(d->fileEngine)->initialize(d->finalFileName, 0666); + // if the target file exists, we'll copy its permissions below, + // but until then, let's ensure the temporary file is not accessible + // to a third party + int perm = (existingFile.exists() ? 0600 : 0666); + static_cast(d->fileEngine)->initialize(d->finalFileName, perm); // Same as in QFile: QIODevice provides the buffering, so there's no need to request it from the file engine. if (!d->fileEngine->open(mode | QIODevice::Unbuffered)) { QFileDevice::FileError err = d->fileEngine->error();