* files.c (do_writeout): Also abort on writing a backup

file when its owner doesn't match the edited file.



git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@4491 35c25a1d-7b9e-4130-9fde-d3aeb78583b8

ChangeLog

@@ -1,8 +1,9 @@
 2010-04-02 Chris Allegretta <chrisa@asty.org>
 	* files.c (do_writeout): Expand modification check to include both the
 	  original file's device ID and inode number as reasons to warn the 
-          user that the file has been modified.  Based on security article on nano
+          user that the file has been modified.  Also abort on writing a backup
-          by Dan Rosenberg.
+	  file when its owner doesn't match the edited file. Based on security 
+	  analysis on nano by Dan Rosenberg.
 
 2010-03-21 Chris Allegretta <chrisa@asty.org>
 	* nano.c (page_stdin et al): Don't attempt to reset/reopen the terminal

src/files.c

@@ -1519,6 +1519,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
 	char *backupname;
 	struct utimbuf filetime;
 	int copy_status;
+	struct stat backupst;
 
 	/* Save the original file's access and modification times. */
 	filetime.actime = openfile->current_stat->st_atime;
@@ -1588,6 +1589,15 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
 	    sprintf(backupname, "%s~", realname);
 	}
 
+	if (stat(backupname, &backupst) != -1 &&
+	    (backupst.st_uid != st.st_uid)) {
+	    statusbar(_("Error writing backup file %s: Permission mismatch"), backupname,
+		strerror(errno));
+	    free(backupname);
+	    goto cleanup_and_exit;
+	}
+
+
 	/* Open the destination backup file.  Before we write to it, we
 	 * set its permissions, so no unauthorized person can read it as
 	 * we write. */