retitle 303927 CAN-2005-0988 gzip: file permissions modification race tags 303927 + patch thanks
This is the patch from Ubuntu package 1.3.5-9ubuntu3.1. I found it at <URL: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.1.diff.gz > This bug is also listed in RedHat bugzilla, <URL: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155745 >, and the patch is also present there. The patch in RH bugzilla is credited Steve Grubb. The patch from Ubuntu and from Steve Grubb are almost identical. The patch from Steve Grubb add '(void)' to ignore the return value of fchown(). --- gzip-1.3.5.orig/gzip.c +++ gzip-1.3.5/gzip.c @@ -875,8 +881,11 @@ } close(ifd); - if (!to_stdout && close(ofd)) { - write_error(); + if (!to_stdout) { + /* Copy modes, times, ownership, and remove the input file */ + copy_stat(&istat); + if (close(ofd)) + write_error(); } if (method == -1) { if (!to_stdout) xunlink (ofname); @@ -896,10 +905,6 @@ } fprintf(stderr, "\n"); } - /* Copy modes, times, ownership, and remove the input file */ - if (!to_stdout) { - copy_stat(&istat); - } } /* ======================================================================== @@ -1725,7 +1732,7 @@ reset_times(ofname, ifstat); #endif /* Copy the protection modes */ - if (chmod(ofname, ifstat->st_mode & 07777)) { + if (fchmod(ofd, ifstat->st_mode & 07777)) { int e = errno; WARN((stderr, "%s: ", progname)); if (!quiet) { @@ -1734,7 +1741,7 @@ } } #ifndef NO_CHOWN - chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ + fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ #endif remove_ofname = 0; /* It's now safe to remove the input file: */ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]