CVE-2019-12450: gfile: Limit access to files when copying (!876) · Merge requests · GNOME / GLib

Ondrej Holy requested to merge wip/oholy/copy-permissions into master May 30, 2019

file_copy_fallback creates new files with default permissions and set the correct permissions after the operation is finished. This might cause that the files can be accessible by more users during the operation than expected. Use G_FILE_CREATE_PRIVATE for the new files to limit access to those files.

CVE-2019-12450: gfile: Limit access to files when copying

Merge request reports