Closed Bug 97851 Opened 24 years ago Closed 24 years ago

temporary file handling in file uploads leaves file with world readable permissions

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.4

People

(Reporter: blizzard, Assigned: blizzard)

Details

(Whiteboard: PDT+,critical for 0.9.4, have patch, r=pete, sr=waterson, checked into 0.9.4 branch but not tip)

Attachments

(4 files)

first pass at a patch
5.18 KB, patch
Details | Diff | Splinter Review
patch #2
5.86 KB, patch
Details | Diff | Splinter Review
patch that uses nsIFile
6.61 KB, patch
Details | Diff | Splinter Review
final patch
6.63 KB, patch
dbaron
: approval+
Details | Diff | Splinter Review
Build is from Aug 31, 2001. If you upload a file using multipart/form-data ( like filing an attachment for example ) the file that is left in /tmp for the form upload is world readable. This isn't acceptable on multi-user systems like unix.
blizzard: you'll want to make sure that the cstring path handling is correct on the mac... cc'ing dougt to review this portion. also, what about using a buffered output stream for writing to the file?
Actually, I was going to ask you about that. I think that I can tell what I need to do. I'll whip up another patch.
Attached patch patch #2Splinter Review
OK, this patch includes the buffered output stream, as requested. What's the deal with the file path names?
it happens that a mac file is not necessarily uniquely identified by a character string. use nsIDirectoryService instead of nsSpecialSystemDirectory, and you can get a nsIFile directly without manipulating c-string paths.
OK, this is a patch that seems to work locally and uses nsIFile instead of nsFileSpec. Seems clean to me and uses the right stream classes as well. Can you guys review? I'm especially interested in making sure that I haven't created any leaks.
+ postDataFileName->Append("formpost"); should be: rv = postDataFileName->Append("formpost"); if (NS_FAILED(rv)) return rv; It is good to test all accessors. In the curent nsIFile reorganization i'm currenty working on, Append will be taking an nsAString. (Just as a heads up). I'll convert this locally after you check this in. I didn't see any leaks. Anyone else? r=pete
Stealing this bug.
Assignee: rods → blizzard
Target Milestone: --- → mozilla0.9.4
Whiteboard: critical for 0.9.4, have patch, r=pete, sr=?
After calling NS_GetSpecialDirectory it is sufficant to just check for the resulting out nsIFile. Other than that nit, sr=me
+ if (NS_FAILED(rv)) { + NS_ASSERTION(NS_SUCCEEDED(rv), "Failed to close post data file stream!\n"); You can use NS_ERROR() for unconditional assert-botch. Other than that, looks good. r=waterson
This one looks worthy to me. Nominating for nsbranch+.
Keywords: nsbranch
PDT+ and nsbranch + per PDT
Keywords: nsbranchnsbranch+
Whiteboard: critical for 0.9.4, have patch, r=pete, sr=? → PDT+,critical for 0.9.4, have patch, r=pete, sr=?
Attached patch final patchSplinter Review
Whiteboard: PDT+,critical for 0.9.4, have patch, r=pete, sr=? → PDT+,critical for 0.9.4, have patch, r=pete, sr=waterson
Comment on attachment 48399 [details] [diff] [review] final patch a=dbaron on behalf of drivers
Attachment #48399 - Flags: approval+
Checked into the 0.9.4 branch.
Whiteboard: PDT+,critical for 0.9.4, have patch, r=pete, sr=waterson → PDT+,critical for 0.9.4, have patch, r=pete, sr=waterson, checked into 0.9.4 branch but not tip
Checked in.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Verifying on 2001-10-08-08-trunk The file is rw for root only..
Status: RESOLVED → VERIFIED
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: