lib/osutil: Don't chmod in atomic file creation (fixes #2472)

Instead, trust (and test) that the temp file has appropriate permissions from the start. The only place where this changes our behavior is for ignores which go from 0644 to 0600. I'm OK with that. GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3756
2016-11-23 14:06:08 +00:00
parent 26730eb083
commit 8559e20237
6 changed files with 57 additions and 17 deletions
--- a/lib/osutil/atomic_unix_test.go
+++ b/lib/osutil/atomic_unix_test.go
@@ -0,0 +1,44 @@
+// Copyright (C) 2016 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+//+build !windows
+
+// (No syscall.Umask or the equivalent on Windows)
+
+package osutil
+
+import (
+	"io/ioutil"
+	"os"
+	"syscall"
+	"testing"
+)
+
+func TestTempFilePermissions(t *testing.T) {
+	// Set a zero umask, so any files created will have the permission bits
+	// asked for in the create call and nothing less.
+	oldMask := syscall.Umask(0)
+	defer syscall.Umask(oldMask)
+
+	fd, err := ioutil.TempFile("", "test")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	info, err := fd.Stat()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(fd.Name())
+	defer fd.Close()
+
+	// The temp file should have 0600 permissions at the most, or we have a
+	// security problem in CreateAtomic.
+	t.Logf("Got 0%03o", info.Mode())
+	if info.Mode()&^0600 != 0 {
+		t.Errorf("Permission 0%03o is too generous", info.Mode())
+	}
+}