# HG changeset patch # User Vladimir Marek # Date 1382607157 -7200 # Node ID 5260a9f352d7c1135d64654c4914c60ec4b9f5a3 # Parent 25fca853cb6dce98814f470c81de642158e451b1 17601119 gzip is unable to set permissions under file_chown_self privilege diff -r 25fca853cb6d -r 5260a9f352d7 components/gzip/patches/chmod_chown.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/gzip/patches/chmod_chown.patch Thu Oct 24 11:32:37 2013 +0200 
@@ -0,0 +1,83 @@ +http://debbugs.gnu.org/cgi/bugreport.cgi?bug=15672 + +The patch was changed so that it applies cleanly to our soruce tree. +--- +Thanks for the suggestion. Does the following patch work for you? +I've pushed this to the savannah master for gzip. + +From 0f167be4f843ac5fcd8f0bc120202782d09a453f Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Thu, 24 Oct 2013 00:19:56 -0700 +Subject: [PATCH] gzip: fix permissions issue on Solaris-like systems + +I.e., on systems that let users give files away. +* gzip.c (do_chown): New function. +(copy_stat): Use it, to change the group, then the permissions, +then the owner. Idea suggested by Vladimir Marek in + +--- + gzip.c | 33 ++++++++++++++++++++++++--------- + 1 file changed, 24 insertions(+), 9 deletions(-) + +diff --git a/gzip.c b/gzip.c +index 93cc738..f40cd21 100644 +--- a/gzip.c ++++ b/gzip.c +@@ -1684,6 +1684,21 @@ local int check_ofname() + return OK; + } + ++/* Change the owner and group of a file. FD is a file descriptor for ++ the file and NAME its name. Change it to user UID and to group GID. ++ If UID or GID is -1, though, do not change the corresponding user ++ or group. */ ++static void ++do_chown (int fd, char const *name, uid_t uid, gid_t gid) ++{ ++#ifndef NO_CHOWN ++# if HAVE_FCHOWN ++ ignore_value (fchown (fd, uid, gid)); ++# else ++ ignore_value (chown (name, uid, gid)); ++# endif ++#endif ++} + + /* ======================================================================== + * Copy modes, times, ownership from input file to output file. +@@ -1722,16 +1727,14 @@ local void copy_stat(ifstat) + } + #endif + +-#ifndef NO_CHOWN +- /* Copy ownership */ +-# if HAVE_FCHOWN +- ignore_value (fchown (ofd, ifstat->st_uid, ifstat->st_gid)); +-# elif HAVE_CHOWN +- ignore_value (chown (ofname, ifstat->st_uid, ifstat->st_gid)); +-# endif +-#endif ++ /* Change the group first, then the permissions, then the owner. 
++ That way, the permissions will be correct on systems that allow ++ users to give away files, without introducing a security hole. ++ Security depends on permissions not containing the setuid or ++ setgid bits. */ ++ ++ do_chown (ofd, ofname, -1, ifstat->st_gid); + +- /* Copy the protection modes */ + #if HAVE_FCHMOD + r = fchmod (ofd, mode); + #else +@@ -1745,6 +1758,8 @@ local void copy_stat(ifstat) + perror(ofname); + } + } ++ ++ do_chown (ofd, ofname, ifstat->st_uid, -1); + } + + #if ! NO_DIR +-- +1.8.3.1 +
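Review bot: The header of chmod_chown.patch says the patch "was changed so that it applies cleanly" to the local tree but does not say what was changed relative to upstream commit 0f167be4f843ac5fcd8f0bc120202782d09a453f, so a later reader cannot tell which lines are local. List the deviations in that header. The hunk headers also look hand-edited: the first gzip.c hunk adds 15 lines, which would put the second hunk's new start at 1737, yet it reads "@@ -1722,16 +1727,14 @@" (the third hunk's +1758 is consistent with 1737). While touching the header, fix the spelling "soruce" and fill in the reference that is missing after "Idea suggested by Vladimir Marek in".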
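Review bot: In the new do_chown, the fallback branch is "# else" where the removed code in copy_stat used "# elif HAVE_CHOWN", so a build that has neither fchown nor chown and does not define NO_CHOWN now compiles a call to chown instead of skipping the ownership copy. Keep the "# elif HAVE_CHOWN" guard in do_chown unless the build system guarantees chown exists. The comment documents -1 as "do not change" while the parameters are uid_t and gid_t; it would help to say there that callers rely on -1 converting to the all-ones value of those types.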
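Review bot: The new comment in copy_stat states that security depends on the permissions not containing the setuid or setgid bits, but nothing visible in this hunk enforces that for the value passed in "r = fchmod (ofd, mode);". Because the owner is now changed after the mode is applied, a setuid bit in mode would be carried over to a file that is then given to another user. Either point the comment at the place where mode is masked, or mask those bits at this call so the invariant is checked where it matters. Also note that the group change just above discards its result through ignore_value, so if it fails the group permission bits applied by fchmod take effect for the invoking user's group rather than ifstat->st_gid.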
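Review bot: The trailing "do_chown (ofd, ofname, ifstat->st_uid, -1);" at the end of copy_stat runs unconditionally, after the block that reports a failure with perror(ofname), and do_chown returns void, so a failed owner change leaves the output owned by the invoking user with no diagnostic. Since the bug being fixed is about attributes silently not being applied, consider having do_chown return the fchown/chown result so copy_stat can report it the same way it reports the mode failure, and add a one-line comment here saying that the owner change is deliberately last.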