moveToTrash/Unix: avoid mkdir/chmod race condition for the trash dir

QDir::mkdir() followed by QFile::setPermissions() is a race condition
because an attacker could enter the directory before we set the
permissions. QDir::mkdir() got an overload with the permissions in 6.3,
but I decided to go a level lower and use QFileSystemEngine directly
here.

Change-Id: I9d43e5b91eb142d6945cfffd1786c338e21c129e
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit a71f5568304fa2c9d596d52374c7e69ac98f8ad7)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit f3e34e94668070c0fc8d5eea627045f40b24dc57)
Thiago Macieira 2023-09-20 17:42:38 -07:00 committed by Qt Cherry-pick Bot
parent e5adee7685
commit c77b2b5e73
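The race the commit message describes, shown side by side with the atomic alternative, as an added example that is not Qt code and not part of this commit. It uses plain POSIX calls instead of QFileSystemEngine; the helper names (createThenChmod, createPrivateDir, isPrivateDirOwnedByUs, makeScratchDir) and the TrashDirStatus enum are hypothetical. It also goes one step past the patch: on the "maybe it already exists" path it lstat()s the existing entry and only accepts a real directory owned by the caller with no group/other bits, since a directory an attacker pre-created is outside what an atomic mkdir can fix.

```cpp
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical names for this example; Qt's real code uses QDir/QFileSystemEngine.
enum class TrashDirStatus { Created, Reused, Rejected, Error };

// The pattern the commit replaces: create with a permissive mode, then chmod.
// The end state is the same as below, but between mkdir() and chmod() the
// directory exists with (0777 & ~umask), so another local user can enter it
// or drop entries into it before the permissions are tightened.
static bool createThenChmod(const std::string &path, mode_t mode)
{
    if (::mkdir(path.c_str(), 0777) != 0)
        return false;
    // <-- race window: directory is visible with the default mode here
    return ::chmod(path.c_str(), mode) == 0;
}

// Verify what is actually on disk: a real directory (lstat, so a symlink
// named like the trash dir does not pass), owned by us, no group/other access.
static bool isPrivateDirOwnedByUs(const std::string &path)
{
    struct stat st;
    if (::lstat(path.c_str(), &st) != 0)
        return false;
    if (!S_ISDIR(st.st_mode))
        return false;                       // symlink, regular file, etc.
    if (st.st_uid != ::getuid())
        return false;                       // someone else planted it
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

// Atomic variant: mkdir(2) applies the mode at creation time. umask can only
// clear bits, so 0700 never becomes more permissive. If the directory already
// exists (EEXIST) it is only reused after the ownership/mode check above.
static TrashDirStatus createPrivateDir(const std::string &path)
{
    if (::mkdir(path.c_str(), S_IRWXU) == 0)
        return isPrivateDirOwnedByUs(path) ? TrashDirStatus::Created
                                           : TrashDirStatus::Rejected;
    if (errno != EEXIST)
        return TrashDirStatus::Error;       // e.g. parent missing, like "not using mkpath"
    return isPrivateDirOwnedByUs(path) ? TrashDirStatus::Reused
                                       : TrashDirStatus::Rejected;
}

// Scratch parent directory for demonstration (constructed, under /tmp).
static std::string makeScratchDir()
{
    char tmpl[] = "/tmp/trash-demo-XXXXXX";
    char *p = ::mkdtemp(tmpl);
    return p ? std::string(p) : std::string();
}

int main()
{
    std::string base = makeScratchDir();
    if (base.empty())
        return 1;
    std::string dir = base + "/.Trash-demo";
    TrashDirStatus first = createPrivateDir(dir);
    TrashDirStatus second = createPrivateDir(dir);
    std::printf("first: %d (0=Created), second: %d (1=Reused)\n",
                static_cast<int>(first), static_cast<int>(second));
    return 0;
}
```

The symlink and pre-existing-directory cases are the ones worth exercising: mkdir() on a path that already exists (even as a dangling symlink) fails with EEXIST, and only the lstat-based check distinguishes a directory we own from something an attacker placed there first.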


@ -1163,8 +1163,10 @@ static QString freeDesktopTrashLocation(const QString &sourcePath)
| QFileDevice::ExeOwner;
QString targetDir = topDir.filePath(trashDir);
// deliberately not using mkpath, since we want to fail if topDir doesn't exist
if (topDir.mkdir(trashDir))
QFile::setPermissions(targetDir, ownerPerms);
bool created = QFileSystemEngine::createDirectory(QFileSystemEntry(targetDir), false, ownerPerms);
if (created)
return targetDir;
// maybe it already exists and is a directory
if (QFileInfo(targetDir).isDir())
return targetDir;
return QString();
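Review bot: the atomic create only protects directories this code creates; the fallback `if (QFileInfo(targetDir).isDir())` still accepts a pre-existing targetDir without checking who owns it or whether it carries ownerPerms, and QFileInfo::isDir() follows symlinks, so a directory (or a symlink to one) planted under that name before the first trash operation is returned as the trash location with whatever mode the planter chose. Suggest that on the `!created` path the code lstat the entry and only return it when it is a real directory owned by the current uid with no group/other permission bits, otherwise fall through to `return QString();`. Minor: `created` is consumed on the very next line, so the call can be inlined into the `if`.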