[programs] set chmod 600 after opening destination file

This resolves a race condition where zstd or unzstd may expose read permissions beyond the original file allowed. Mode 600 is used temporarily during the compression and decompression write stage and the new file inherits the original file’s mode at the end. Fixes #1630
2019-06-08 21:54:02 -07:00 · 2019-06-08 21:54:02 -07:00 · 3968160a91
commit 3968160a91
parent d06c15cc89
1 changed files with 1 additions and 0 deletions
--- a/programs/fileio.c
+++ b/programs/fileio.c
@ -566,6 +566,7 @@ static FILE* FIO_openDstFile(FIO_prefs_t* const prefs, const char* srcFileName,
    {   FILE* const f = fopen( dstFileName, "wb" );
        if (f == NULL)
            DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
+        chmod(dstFileName, 00600);
        return f;
    }
 }