lib/zstd
1
0
Fork 0
mirror of https://github.com/facebook/zstd.git synced 2025-08-07 06:23:00 +03:00
Code Activity

Mimic gzip chown(gid), chmod(), chown(uid) Behavior

Browse Source 
Avoids a race condition in which we unintentionally open up permissions to
the wrong group.
This commit is contained in:
W. Felix Handte
2023-01-17 16:37:30 -08:00
parent 1e3eba65a6
commit 0d2d460223
5 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
programs/util.c
View File

@@ -249,11 +249,23 @@ int UTIL_setFileStat(const char *filename, const stat_t *statbuf)
/* set access and modification times */ /* set access and modification times */
res += UTIL_utime(filename, statbuf); res += UTIL_utime(filename, statbuf);
/* Mimic gzip's behavior:
*
* "Change the group first, then the permissions, then the owner.
* That way, the permissions will be correct on systems that allow
* users to give away files, without introducing a security hole.
* Security depends on permissions not containing the setuid or
* setgid bits." */
#if !defined(_WIN32) #if !defined(_WIN32)
res += chown(filename, statbuf->st_uid, statbuf->st_gid); /* Copy ownership */ res += chown(filename, -1, statbuf->st_gid); /* Apply group ownership */
#endif #endif
res += UTIL_chmod(filename, &curStatBuf, statbuf->st_mode & 07777); /* Copy file permissions */ res += UTIL_chmod(filename, &curStatBuf, statbuf->st_mode & 0777); /* Copy file permissions */
#if !defined(_WIN32)
res += chown(filename, statbuf->st_uid, -1); /* Apply user ownership */
#endif
errno = 0; errno = 0;
UTIL_TRACE_RET(-res); UTIL_TRACE_RET(-res);

1
tests/cli-tests/file-stat/compress-file-to-file.sh
View File

@@ -3,6 +3,7 @@
set -e set -e
datagen > file datagen > file
chmod 642 file
zstd file -q --trace-file-stat -o file.zst zstd file -q --trace-file-stat -o file.zst
zstd -tq file.zst zstd -tq file.zst

2
tests/cli-tests/file-stat/compress-file-to-file.sh.stderr.exact
View File

@@ -35,7 +35,7 @@ Trace:FileStat: > UTIL_stat(file.zst)
Trace:FileStat: < 1 Trace:FileStat: < 1
Trace:FileStat: > UTIL_utime(file.zst) Trace:FileStat: > UTIL_utime(file.zst)
Trace:FileStat: < 0 Trace:FileStat: < 0
Trace:FileStat: > UTIL_chmod(file.zst, 420) Trace:FileStat: > UTIL_chmod(file.zst, 418)
Trace:FileStat: > chmod Trace:FileStat: > chmod
Trace:FileStat: < 0 Trace:FileStat: < 0
Trace:FileStat: < 0 Trace:FileStat: < 0

1
tests/cli-tests/file-stat/decompress-file-to-file.sh
View File

@@ -3,5 +3,6 @@
set -e set -e
datagen | zstd -q > file.zst datagen | zstd -q > file.zst
chmod 642 file.zst
zstd -dq --trace-file-stat file.zst zstd -dq --trace-file-stat file.zst

2
tests/cli-tests/file-stat/decompress-file-to-file.sh.stderr.exact
View File

@@ -31,7 +31,7 @@ Trace:FileStat: > UTIL_stat(file)
Trace:FileStat: < 1 Trace:FileStat: < 1
Trace:FileStat: > UTIL_utime(file) Trace:FileStat: > UTIL_utime(file)
Trace:FileStat: < 0 Trace:FileStat: < 0
Trace:FileStat: > UTIL_chmod(file, 420) Trace:FileStat: > UTIL_chmod(file, 418)
Trace:FileStat: > chmod Trace:FileStat: > chmod
Trace:FileStat: < 0 Trace:FileStat: < 0
Trace:FileStat: < 0 Trace:FileStat: < 0