2010-04-02 Chris Allegretta <chrisa@asty.org>
* files.c (do_writeout): Expand modification check to include both the
original file's device ID and inode number as reasons to warn the
- user that the file has been modified. Based on security article on nano
- by Dan Rosenberg.
+ user that the file has been modified. Also abort on writing a backup
+ file when its owner doesn't match the edited file. Based on security
+ analysis on nano by Dan Rosenberg.
2010-03-21 Chris Allegretta <chrisa@asty.org>
* nano.c (page_stdin et al): Don't attempt to reset/reopen the terminal
char *backupname;
struct utimbuf filetime;
int copy_status;
+ struct stat backupst;
/* Save the original file's access and modification times. */
filetime.actime = openfile->current_stat->st_atime;
sprintf(backupname, "%s~", realname);
}
+ if (stat(backupname, &backupst) != -1 &&
+ (backupst.st_uid != st.st_uid)) {
+ statusbar(_("Error writing backup file %s: Permission mismatch"), backupname,
+ strerror(errno));
+ free(backupname);
+ goto cleanup_and_exit;
+ }
+
+
/* Open the destination backup file. Before we write to it, we
* set its permissions, so no unauthorized person can read it as
* we write. */