mirror of
https://github.com/syncthing/syncthing.git
synced 2024-11-16 18:41:59 -07:00
8559e20237
Instead, trust (and test) that the temp file has appropriate permissions from the start. The only place where this changes our behavior is for ignores which go from 0644 to 0600. I'm OK with that. GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3756
45 lines
1.0 KiB
Go
45 lines
1.0 KiB
Go
// Copyright (C) 2016 The Syncthing Authors.
|
|
//
|
|
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
// You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
//+build !windows
|
|
|
|
// (No syscall.Umask or the equivalent on Windows)
|
|
|
|
package osutil
|
|
|
|
import (
|
|
"io/ioutil"
|
|
"os"
|
|
"syscall"
|
|
"testing"
|
|
)
|
|
|
|
func TestTempFilePermissions(t *testing.T) {
|
|
// Set a zero umask, so any files created will have the permission bits
|
|
// asked for in the create call and nothing less.
|
|
oldMask := syscall.Umask(0)
|
|
defer syscall.Umask(oldMask)
|
|
|
|
fd, err := ioutil.TempFile("", "test")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
info, err := fd.Stat()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
defer os.Remove(fd.Name())
|
|
defer fd.Close()
|
|
|
|
// The temp file should have 0600 permissions at the most, or we have a
|
|
// security problem in CreateAtomic.
|
|
t.Logf("Got 0%03o", info.Mode())
|
|
if info.Mode()&^0600 != 0 {
|
|
t.Errorf("Permission 0%03o is too generous", info.Mode())
|
|
}
|
|
}
|