* fileio.c (Fcopy_file) [!MSDOS]: Tighten created file's mask.

This fixes some race conditions on the permissions of any newly
created file.

diff --git a/src/ChangeLog b/src/ChangeLog
index ca42b69..484a442 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,9 @@
 2011-07-18  Paul Eggert  <eggert@cs.ucla.edu>
 
+       * fileio.c (Fcopy_file) [!MSDOS]: Tighten created file's mask.
+       This fixes some race conditions on the permissions of any newly
+       created file.
+
        * alloc.c (valid_pointer_p): Use pipe, not open.
        This fixes some permissions issues when debugging.
 

diff --git a/src/fileio.c b/src/fileio.c
index fb2c081..3e1aa54 100644 (file)
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -1937,10 +1937,19 @@ on the system, we copy the SELinux context of FILE to NEWNAME.  */)
                    | (NILP (ok_if_already_exists) ? O_EXCL : 0),
                    S_IREAD | S_IWRITE);
 #else  /* not MSDOS */
-  ofd = emacs_open (SSDATA (encoded_newname),
-                   O_WRONLY | O_TRUNC | O_CREAT
-                   | (NILP (ok_if_already_exists) ? O_EXCL : 0),
-                   0666);
+  {
+    int new_mask = 0666;
+    if (input_file_statable_p)
+      {
+       if (!NILP (preserve_uid_gid))
+         new_mask = 0600;
+       new_mask &= st.st_mode;
+      }
+    ofd = emacs_open (SSDATA (encoded_newname),
+                     (O_WRONLY | O_TRUNC | O_CREAT
+                      | (NILP (ok_if_already_exists) ? O_EXCL : 0)),
+                     new_mask);
+  }
 #endif /* not MSDOS */
   if (ofd < 0)
     report_file_error ("Opening output file", Fcons (newname, Qnil));