2006-12-04 Paul Eggert <eggert@cs.ucla.edu>
+ * NEWS: Describe the following change briefly.
+ * bootstrap.conf (gnulib_modules): Remove stat-macros; no longer
+ needed.
+ * gzip.c: Don't include stat-macros.h; no longer needed.
+ (treat_file): Refuse to compress files that are setuid, or setgid,
+ as this can in theory lead to security holes. Also, refuse to
+ compress files with the sticky bit set, on general principle.
+ (copy_stat): Don't copy the setuid, setgid, or sticky bits,
+ as (given the above change) they'll always be zero here.
+ Invoke chmod before chown, to close a race condition.
+
* .cvsignore: Add *.doc, build-aux.
* doc/.cvignore: New file.
* lib/.cvsignore: New file.
Major changes in Gzip 1.3.7 (not yet released)
+* Fix some gzip problems:
+ - Refuse to compress setuid or setgid files, or files with the sticky bit.
+ - Fix more race conditions in setting file permissions and owner.
+ - Fix a core dump caused by a stray abort mistakenly introduced in 1.3.6.
* Fix some gzexe problems:
- Improve resistance to denial-of-service attacks.
- Fix some quoting and escaping bugs.
#include "fcntl-safer.h"
#include "getopt.h"
#include "openat.h"
-#include "stat-macros.h"
#include "stat-time.h"
/* configuration */
close (ifd);
return;
}
+
+ if (istat.st_mode & S_ISUID)
+ {
+ WARN ((stderr, "%s: %s is set-user-ID on execution - ignored\n",
+ program_name, ifname));
+ close (ifd);
+ return;
+ }
+ if (istat.st_mode & S_ISGID)
+ {
+ WARN ((stderr, "%s: %s is set-group-ID on execution - ignored\n",
+ program_name, ifname));
+ close (ifd);
+ return;
+ }
+ if (istat.st_mode & S_ISVTX)
+ {
+ WARN ((stderr, "%s: %s has the sticky bit set - file ignored\n",
+ program_name, ifname));
+ close (ifd);
+ return;
+ }
+
if (istat.st_nlink > 1 && !to_stdout && !force) {
WARN((stderr, "%s: %s has %lu other link%c -- unchanged\n",
program_name, ifname, (unsigned long) istat.st_nlink - 1,
local void copy_stat(ifstat)
struct stat *ifstat;
{
- mode_t mode = ifstat->st_mode & CHMOD_MODE_BITS;
+ mode_t mode = ifstat->st_mode & S_IRWXUGO;
int r;
#ifndef NO_UTIME
}
}
#endif
+
+#ifndef NO_CHOWN
+# if HAVE_FCHOWN
+ fchown (ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
+# else
+ chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
+# endif
+#endif
+
/* Copy the protection modes */
#if HAVE_FCHMOD
r = fchmod (ofd, mode);
perror(ofname);
}
}
-#ifndef NO_CHOWN
-# if HAVE_FCHOWN
- fchown (ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
-# else
- chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
-# endif
-#endif
}
#if ! NO_DIR