From b59b67c56e338162437c045a8a0e2156bcde9a0b Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 18 Jul 2011 10:21:18 -0700
Subject: * fileio.c (Fcopy_file): Adjust mode if fchown fails.  (Bug#9002)

If fchown fails to set both uid and gid, try to set just gid,
as that is sometimes allowed.  Adjust the file's mode to eliminate
setuid or setgid bits that are inappropriate if fchown fails.
---
 src/fileio.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

(limited to 'src/fileio.c')

diff --git a/src/fileio.c b/src/fileio.c
index a52e834c2b2..fb2c081ae5c 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -38,8 +38,6 @@ along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.  */
 #include <selinux/context.h>
 #endif
 
-#include <ignore-value.h>
-
 #include "lisp.h"
 #include "intervals.h"
 #include "buffer.h"
@@ -1961,9 +1959,21 @@ on the system, we copy the SELinux context of FILE to NEWNAME.  */)
      owner and group.  */
   if (input_file_statable_p)
     {
+      int mode_mask = 07777;
       if (!NILP (preserve_uid_gid))
-	ignore_value (fchown (ofd, st.st_uid, st.st_gid));
-      if (fchmod (ofd, st.st_mode & 07777) != 0)
+	{
+	  /* Attempt to change owner and group.  If that doesn't work
+	     attempt to change just the group, as that is sometimes allowed.
+	     Adjust the mode mask to eliminate setuid or setgid bits
+	     that are inappropriate if the owner and group are wrong.  */
+	  if (fchown (ofd, st.st_uid, st.st_gid) != 0)
+	    {
+	      mode_mask &= ~06000;
+	      if (fchown (ofd, -1, st.st_gid) == 0)
+		mode_mask |= 02000;
+	    }
+	}
+      if (fchmod (ofd, st.st_mode & mode_mask) != 0)
 	report_file_error ("Doing chmod", Fcons (newname, Qnil));
     }
 #endif	/* not MSDOS */
-- 
cgit v1.2.1


From 15e3a074a6ebdcefd828a1ba14a5a12ff9921034 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 18 Jul 2011 14:01:36 -0700
Subject: * fileio.c (Fcopy_file) [!MSDOS]: Tighten created file's mask.

This fixes some race conditions on the permissions of any newly
created file.
---
 src/fileio.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

(limited to 'src/fileio.c')

diff --git a/src/fileio.c b/src/fileio.c
index fb2c081ae5c..3e1aa54462f 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -1937,10 +1937,19 @@ on the system, we copy the SELinux context of FILE to NEWNAME.  */)
 		    | (NILP (ok_if_already_exists) ? O_EXCL : 0),
 		    S_IREAD | S_IWRITE);
 #else  /* not MSDOS */
-  ofd = emacs_open (SSDATA (encoded_newname),
-		    O_WRONLY | O_TRUNC | O_CREAT
-		    | (NILP (ok_if_already_exists) ? O_EXCL : 0),
-		    0666);
+  {
+    int new_mask = 0666;
+    if (input_file_statable_p)
+      {
+	if (!NILP (preserve_uid_gid))
+	  new_mask = 0600;
+	new_mask &= st.st_mode;
+      }
+    ofd = emacs_open (SSDATA (encoded_newname),
+		      (O_WRONLY | O_TRUNC | O_CREAT
+		       | (NILP (ok_if_already_exists) ? O_EXCL : 0)),
+		      new_mask);
+  }
 #endif /* not MSDOS */
   if (ofd < 0)
     report_file_error ("Opening output file", Fcons (newname, Qnil));
-- 
cgit v1.2.1