fix some edge cases (srcfile not owned by root or not r/w by root); make sure we don't leak info to other users
This commit is contained in:
parent
8ce796ba05
commit
d4e87dabdb
14
doasedit
14
doasedit
@ -20,14 +20,18 @@ done
|
|||||||
|
|
||||||
tempdir="/tmp/doasedit/$destfile_pfx"
|
tempdir="/tmp/doasedit/$destfile_pfx"
|
||||||
|
|
||||||
mkdir -p $tempdir
|
# we don't want any other users to be able to read what we're doing, so -m700
|
||||||
|
mkdir -m700 -p $tempdir
|
||||||
trap "rm -rf $tempdir" EXIT
|
trap "rm -rf $tempdir" EXIT
|
||||||
srcfile="$(doas realpath $1)"
|
srcfile="$(doas realpath $1)"
|
||||||
|
|
||||||
if doas [ -f "$srcfile" ]; then
|
if doas [ -f "$srcfile" ]; then
|
||||||
doas cp $srcfile $tempdir/edit
|
doas cp -a $srcfile $tempdir/file
|
||||||
doas chown -R $USER:$USER $tempdir/edit
|
doas cp -a $tempdir/file $tempdir/edit
|
||||||
doas cp $srcfile $tempdir/file
|
|
||||||
|
# make sure that the file is editable by user
|
||||||
|
doas chown $USER:$USER $tempdir/edit
|
||||||
|
chmod 600 $tempdir/edit
|
||||||
else
|
else
|
||||||
# create file with "regular" system permissions (root:root 644)
|
# create file with "regular" system permissions (root:root 644)
|
||||||
touch $tempdir/file
|
touch $tempdir/file
|
||||||
@ -38,7 +42,7 @@ $EDITOR $tempdir/edit
|
|||||||
|
|
||||||
cat $tempdir/edit | doas tee $tempdir/file 1>/dev/null
|
cat $tempdir/edit | doas tee $tempdir/file 1>/dev/null
|
||||||
|
|
||||||
if cmp -s "$tempdir/file" "$srcfile"; then
|
if doas cmp -s "$tempdir/file" "$srcfile"; then
|
||||||
echo "Skipping write; no changes."
|
echo "Skipping write; no changes."
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user