[programs] set chmod 600 after opening destination file

This resolves a race condition where zstd or unzstd may expose read
permissions beyond the original file allowed.  Mode 600 is used
temporarily during the compression and decompression write stage
and the new file inherits the original file’s mode at the end.

Fixes #1630

diff --git a/programs/fileio.c b/programs/fileio.c
index 3c45a986434edcb82b0ce2a560f1ec7de2b48b2e..12e1537e6c0329413ffb8b00d1bab6d7efdf2b6a 100644 (file)
--- a/programs/fileio.c
+++ b/programs/fileio.c
@@ -566,6 +566,7 @@ static FILE* FIO_openDstFile(FIO_prefs_t* const prefs, const char* srcFileName,
     {   FILE* const f = fopen( dstFileName, "wb" );
         if (f == NULL)
             DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
+        chmod(dstFileName, 00600);
         return f;
     }
 }