    Ensure g_file_copy() does not temporarily expose private files · 9f1a0b57
    Colin Walters authored
    Previously, g_file_copy() would (on Unix) create files with the
    default mode of 644.  For applications which might at user request
    copy arbitrary private files such as ~/.ssh or /etc/shadow, a
    world-readable copy would be temporarily exposed.

    This patch is suboptimal in that it *only* fixes g_file_copy()
    for the case where both source and destination are instances of
    GLocalFile on Unix.

    The reason for this is that the public GFile APIs for creating files
    allow very limited control over the access permissions for the created
    file; one can either say a file is "private" or not.  Fixing
    this by adding e.g. g_file_create_with_attributes() would make sense,
    except this would entail 8 new API calls for all the variants of
    _create(), _create_async(), _replace(), _replace_async(),
    _create_readwrite(), _create_readwrite_async(), _replace_readwrite(),
    _replace_readwrite_async().  That can be done as a separate patch
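
The exposure window described in the commit message, as an added sketch in plain POSIX C (not GLib code and not part of this commit). `copy_file`, its `private_first` flag and the file names are hypothetical, and the final `fchmod()` to the source's mode is an assumption about how permissions are applied once the data is written.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy src to dst. private_first = 0 models the old behaviour (destination
 * created 0644), 1 creates it 0600. *during receives the destination's mode
 * while data is being written. Returns 0 on success, -1 on error. */
int copy_file(const char *src, const char *dst, int private_first, mode_t *during)
{
    struct stat ss, ds;
    char buf[4096];
    ssize_t n = -1;
    int rc = -1, in = open(src, O_RDONLY);
    if (in < 0) return -1;
    /* O_EXCL: refuse a pre-existing file, whose mode we did not choose. */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, private_first ? 0600 : 0644);
    if (out < 0) { close(in); return -1; }
    if (fstat(in, &ss) == 0 && fstat(out, &ds) == 0) {
        *during = ds.st_mode & 0777;
        while ((n = read(in, buf, sizeof buf)) > 0)
            if (write(out, buf, (size_t)n) != n) { n = -1; break; } /* short write = error */
        /* Apply the source's permissions only once the data is in place. */
        if (n == 0 && fchmod(out, ss.st_mode & 0777) == 0) rc = 0;
    }
    close(in);
    if (close(out) != 0) rc = -1;
    if (rc != 0) unlink(dst); /* do not leave a partial copy behind */
    return rc;
}

int main(void)
{
    mode_t during = 0;
    umask(022); /* common default, so 0644 is not masked further */
    /* Constructed sample input: a private source file. */
    int fd = open("demo_src.tmp", O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, "key", 3) != 3 || close(fd) != 0) return 1;
    for (int p = 0; p <= 1; p++) {
        if (copy_file("demo_src.tmp", "demo_dst.tmp", p, &during) != 0) return 1;
        printf("private_first=%d: mode during copy %04o\n", p, (unsigned)during);
        unlink("demo_dst.tmp");
    }
    unlink("demo_src.tmp");
    return 0;
}
```

Both variants end with the destination at the source's mode; only the mode observed while the data is being written differs.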
gfile.c 255 KB