From 3968160a916a759c3d3418da533e1b4f8b795343 Mon Sep 17 00:00:00 2001
From: Mike Swanson
Date: Sat, 8 Jun 2019 21:54:02 -0700
Subject: [PATCH] [programs] set chmod 600 after opening destination file
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This resolves a race condition where zstd or unzstd may expose read permissions beyond the original file allowed. Mode 600 is used temporarily during the compression and decompression write stage and the new file inherits the original file’s mode at the end.

Fixes #1630
---
 programs/fileio.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/programs/fileio.c b/programs/fileio.c
index 3c45a9864..12e1537e6 100644
--- a/programs/fileio.c
+++ b/programs/fileio.c
@@ -566,6 +566,7 @@ static FILE* FIO_openDstFile(FIO_prefs_t* const prefs, const char* srcFileName,
 { FILE* const f = fopen( dstFileName, "wb" );
 if (f == NULL)
 DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
+ chmod(dstFileName, 00600);
 return f;
 }
 }
--
2.47.3
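Review bot: The added `chmod(dstFileName, 00600);` still leaves a window, because `fopen(dstFileName, "wb")` at the top of the block creates the file with the umask-derived mode, and a reader that opens it before the chmod keeps its descriptor afterwards. The call is also path-based and unconditional: it runs when `f == NULL`, its result is ignored, and it re-modes whatever `dstFileName` names, including a pre-existing non-regular file if the process is privileged enough. Creating the file with owner-only permissions closes the window; the sketch below is the POSIX form and would need `<fcntl.h>` plus a separate branch for platforms without `open`/`fdopen`. The function starts outside the hunk, so any earlier special-casing of the destination is not visible here.

```c
/* … unchanged: earlier part of FIO_openDstFile … */
    {   /* Create the file owner-only so no wider mode is ever visible.
         * The 0600 applies only on creation; an existing destination keeps its mode. */
        int const fd = open(dstFileName, O_WRONLY | O_CREAT | O_TRUNC, 0600);
        FILE* const f = (fd < 0) ? NULL : fdopen(fd, "wb");
        if (f == NULL) {
            DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
            if (fd >= 0) close(fd);   /* fdopen failed: do not leak the descriptor */
        }
        return f;
    }
```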