From: Chris Allegretta Date: Sun, 3 Dec 2000 03:01:12 +0000 (+0000) Subject: Okay last time, now if there's any file at all, dont save the .save file. (foolproof? :) X-Git-Tag: v0.9.22~7 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=581bc60d0cb6866ca88255eb0de12ef85df9e44a;p=nano.git Okay last time, now if there's any file at all, dont save the .save file. (foolproof? :) git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@368 35c25a1d-7b9e-4130-9fde-d3aeb78583b8 --- diff --git a/ChangeLog b/ChangeLog index b4ba2efe..b5e99b82 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,8 +23,7 @@ CVS code - - files.c: write_file() - Unsetting modified on temp files bug fixed (Rocco Corsi). - - Okay, if tmp == 1 and the file is a symlink the user doesn't - own, we return -1. + - Okay, if tmp == 1 and the file exists, we abort. do_insertfile() - Added call to real_name_from tilde, oops. Added check for DISABLE_TABCOMP. @@ -66,7 +65,7 @@ CVS code - die() - Now creates .save file using variable-length strings. Also calls write_file with tmp == 1, which happens to do exactly what - we want (abort on save file is a symlink and use mode 0600). + we want (abort on save file exists and use mode 0600). handle_sighup() - Now calls die instead of writing on its own and exiting normally. - search.c: diff --git a/files.c b/files.c index 9798521a..bc76729a 100644 --- a/files.c +++ b/files.c @@ -321,7 +321,6 @@ int write_file(char *name, int tmp) realname = mallocstrcpy(realname, name); #endif - /* Save the state of file at the end of the symlink */ realexists = stat(realname, &st); 
@@ -330,9 +329,9 @@ int write_file(char *name, int tmp) cause unexpected behavior */ lstat(realname, &st); - /* New case: if it's a symlink and tmp is set AND the user does not - own the symlink, abort. It could be a symlink attack */ - if (tmp && S_ISLNK(st.st_mode) && getuid() != st.st_uid) + /* New case: if the file exists, just give up. Easy way out of + all security issues */ + if (tmp && realexists != -1) return -1; else if (ISSET(FOLLOW_SYMLINKS) || !S_ISLNK(st.st_mode)) { @@ -430,7 +429,7 @@ int write_file(char *name, int tmp) } else { /* Use permissions from file we are overwriting. */ mask = st.st_mode; - if (!tmp && unlink(realname) == -1) { + if (unlink(realname) == -1) { if (errno != ENOENT) { statusbar(_("Could not open %s for writing: %s"), realname, strerror(errno)); diff --git a/nano.c b/nano.c index 32bd5eae..af1edd69 100644 --- a/nano.c +++ b/nano.c @@ -136,7 +136,7 @@ void die(char *msg, ...) if (i != -1) fprintf(stderr, _("\nBuffer written to %s\n"), name); else - fprintf(stderr, _("\nNo .save file written (symlink encountered?)\n")); + fprintf(stderr, _("\nNo .save file written (file exists?)\n")); exit(1); /* We have a problem: exit w/ errorlevel(1) */ }
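Review bot: In ChangeLog, hunk @@ -66,7 +65,7 @@, the die() entry "abort on save file exists and use mode 0600" does not parse. "abort if the save file exists" would match the wording of the write_file() entry in the first hunk ("if tmp == 1 and the file exists, we abort").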
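Review bot: In files.c, hunk @@ -330,9 +329,9 @@, the new test "if (tmp && realexists != -1)" relies on realexists, which is set by "realexists = stat(realname, &st);" and so describes the target of a symlink, not the path itself. A dangling symlink at realname makes stat() fail, so realexists is -1 and the abort is skipped even though something is present under that name. The "lstat(realname, &st);" call just above already examines the path itself, but its return value is discarded. Capture it and abort when tmp is set and lstat() succeeded. The new comment calls this an "easy way out of all security issues", yet the test and the later write are still separate steps. Creating the file exclusively (O_CREAT | O_EXCL) would let the kernel refuse an existing name instead of relying on the earlier check.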
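Review bot: In files.c, hunk @@ -430,7 +429,7 @@, removing the "!tmp" guard makes "unlink(realname)" run for tmp saves as well, and nothing in the hunk says why. With "if (tmp && realexists != -1) return -1;" in place earlier, a tmp save that reaches this line should find nothing to unlink. The call can then only remove something the stat() test missed or something that appeared after it. Add a comment stating the intent. The adjacent comment "Use permissions from file we are overwriting" above "mask = st.st_mode;" also no longer describes the tmp case, where no file is being overwritten.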
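Review bot: In nano.c, hunk @@ -136,7 +136,7 @@ of die(), the failure message "No .save file written (file exists?)" omits the path, while the success branch prints name via "Buffer written to %s". Include name in the failure message too, so the user can see which file blocked the emergency save and check the guess in the parentheses.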