file: preserve original file mode after commit

Because mkstemp() create a file with mode 0600, only user doing the commit (typically root) will be allowed to inspect the content of the file after uci commit. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
author: Alin Nastac <alin.nastac@gmail.com> 2020-04-24 16:49:55 +0200
committer: Hans Dedecker <dedeckeh@gmail.com> 2020-04-27 21:16:27 +0200
commit: ec8d3233948603485e1b97384113fac9f1bab5d6 (patch)
tree: 5ee83902ab7e5aaa6ead795588f97a9338414f8d
parent: e8d83732f9eb571dce71aa915ff38a072579610b (diff)
download: uci-ec8d3233948603485e1b97384113fac9f1bab5d6.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/file.c b/file.c
index 3ac49c6..6486de9 100644
--- a/file.c
+++ b/file.c
@@ -724,6 +724,7 @@ static void uci_file_commit(struct uci_context *ctx, struct uci_package **packag
 	char *volatile name = NULL;
 	char *volatile path = NULL;
 	char *filename = NULL;
+	struct stat statbuf;
 	volatile bool do_rename = false;
 	int fd;
 
@@ -801,7 +802,7 @@ done:
 	uci_close_stream(f1);
 	if (do_rename) {
 		path = realpath(p->path, NULL);
-		if (!path || rename(filename, path)) {
+		if (!path || stat(path, &statbuf) || chmod(filename, statbuf.st_mode) || rename(filename, path)) {
 			unlink(filename);
 			UCI_THROW(ctx, UCI_ERR_IO);
 		}
author	Alin Nastac <alin.nastac@gmail.com>	2020-04-24 16:49:55 +0200
committer	Hans Dedecker <dedeckeh@gmail.com>	2020-04-27 21:16:27 +0200
commit	ec8d3233948603485e1b97384113fac9f1bab5d6 (patch)
tree	5ee83902ab7e5aaa6ead795588f97a9338414f8d
parent	e8d83732f9eb571dce71aa915ff38a072579610b (diff)
download	uci-ec8d3233948603485e1b97384113fac9f1bab5d6.tar.gz