blob: c3f97aaa93b38f76d4f2125fb8d6f8bff6103c09 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
# This is an attempt to backport the security fix for leaving config
# files and directories world-readable that was originally applied in
# 0.8.9. 0.8.7 seems to be the last version that will compile without
# MySQL 4.
# Robert Coie <rac@gentoo.org> 2003.03.09
--- src/CConfig.cpp.orig 2003-03-09 13:25:08.000000000 -0800
+++ src/CConfig.cpp 2003-03-09 13:27:19.000000000 -0800
@@ -20,6 +20,12 @@
#include <qdir.h>
#include <qstringlist.h>
#include <qfile.h>
+
+#ifndef WIN32
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif
+
#include "globals.h"
#include "config.h"
@@ -183,6 +189,14 @@
for (QMap<QString, QString>::Iterator it = entries.begin(); it != entries.end(); ++it)
t_strm << it.key() << "\t=\t" << it.data() << "\r\n";
f_strm.close();
+#ifndef WIN32
+ if (chmod(absoluteConfigFileName, S_IRUSR | S_IWUSR) != 0)
+ {
+#ifdef DEBUG
+ qDebug("CConfig::save() - Coudn't set mode 600 for" + absoluteConfigFileName);
+#endif
+ }
+#endif
return true;
}
else
@@ -312,6 +326,14 @@
#ifdef DEBUG
qDebug("private static CConfig::createDirectory() - " + d + " was created successfully.");
#endif
+#ifndef WIN32
+ if (chmod(d, S_IRUSR | S_IWUSR | S_IXUSR) != 0)
+ {
+#ifdef DEBUG
+ qDebug("private static CConfig::createDirectory() - Coudn't set mode 700 for" + d);
+#endif
+ }
+#endif
return true;
}
else
|
GitWeb
