From f22b65b47990237bd5d9a1c171919c3059fbd9b0 Mon Sep 17 00:00:00 2001
From: Michael Vogt <mvo@ubuntu.com>
Date: Wed, 9 Apr 2014 10:12:10 +0200
Subject: Fix insecure file permissions when using FileFd with OpenMode::Atomic

Commit 7335eebea6dd43581d4650a8818b06383ab89901 introduced a bug
that caused FileFd to create insecure permissions when FileFd::Atomic
is used. This commit fixes the permissions and adds a test.

The bug is most likely caused by the confusing "Perm" parameter
that is passed to Open() - its not the file permissions but intead
the "mode" part of open/creat.
---
 test/libapt/fileutl_test.cc | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'test')

diff --git a/test/libapt/fileutl_test.cc b/test/libapt/fileutl_test.cc
index 8da832ba9..1d1a1a1b8 100644
--- a/test/libapt/fileutl_test.cc
+++ b/test/libapt/fileutl_test.cc
@@ -6,13 +6,44 @@
 #include <string>
 #include <vector>
 #include <stdlib.h>
+#include <sys/stat.h>
 
 #include "assert.h"
 
+// regression test for permission bug LP: #1304657
+static bool
+TestFileFdOpenPermissions(mode_t a_umask, mode_t ExpectedFilePermission)
+{
+   FileFd f;
+   struct stat buf;
+   static const char* fname = "test.txt";
+
+   umask(a_umask);
+   f.Open(fname, FileFd::ReadWrite|FileFd::Atomic);
+   f.Close();
+   if (stat(fname, &buf) < 0)
+   {
+      _error->Errno("stat", "failed to stat");
+      _error->DumpErrors();
+      return false;
+   }
+   unlink(fname);
+   equals(buf.st_mode & 0777, ExpectedFilePermission);
+   return true;
+}
+
 int main()
 {
    std::vector<std::string> files;
 
+   if (TestFileFdOpenPermissions(0002, 0664) == false ||
+       TestFileFdOpenPermissions(0022, 0644) == false ||
+       TestFileFdOpenPermissions(0077, 0600) == false ||
+       TestFileFdOpenPermissions(0026, 0640) == false)
+   {
+      return 1;
+   }
+
    // normal match
    files = Glob("*.lst");
    if (files.size() != 1)
-- 
cgit v1.2.3