Home
Phabricator
Search
Log In
Differential
D5394
Diff 13539
src/buffer/katesecuretextbuffer.cpp
Changeset View
This is racy: If the newly set permissions allow someone to delete the file, it can be replaced with a symlink and the chown will take effect on the symlink target, which can be literally anything -> escalation.
This is not an issue for the rename call as if the file permissions allow deleting, they allow deleting for the destination file as well -> no escalation.
Solution: Use fchown.