From ec8d3233948603485e1b97384113fac9f1bab5d6 Mon Sep 17 00:00:00 2001
From: Alin Nastac
Date: Fri, 24 Apr 2020 16:49:55 +0200
Subject: [PATCH] file: preserve original file mode after commit

Because mkstemp() create a file with mode 0600, only user doing the commit (typically root) will be allowed to inspect the content of the file after uci commit.

Signed-off-by: Alin Nastac
---
 file.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/file.c b/file.c
index 3ac49c6..6486de9 100644
--- a/file.c
+++ b/file.c
@@ -724,6 +724,7 @@ static void uci_file_commit(struct uci_context *ctx, struct uci_package **packag
 char *volatile name = NULL;
 char *volatile path = NULL;
 char *filename = NULL;
+ struct stat statbuf;
 volatile bool do_rename = false;
 int fd;
@@ -801,7 +802,7 @@ done:
 uci_close_stream(f1);
 if (do_rename) {
 path = realpath(p->path, NULL);
- if (!path || rename(filename, path)) {
+ if (!path || stat(path, &statbuf) || chmod(filename, statbuf.st_mode) || rename(filename, path)) {
 unlink(filename);
 UCI_THROW(ctx, UCI_ERR_IO);
 }
-- 
2.25.1
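Review bot: The combined condition in the second hunk copies only `st_mode` from the existing file, so the replacement keeps the owner and group that mkstemp() gave the temporary file. A config file that was readable through its owner or group (for example mode 0640 with a non-root group) would keep its permission bits but lose the readers the commit message wants to preserve; restoring ownership before the rename, e.g. `chown(filename, statbuf.st_uid, statbuf.st_gid)`, would close that gap where the committer is permitted to do so. The mode is also passed unmasked, file-type bits included; `chmod(filename, statbuf.st_mode & 07777)` states the intent explicitly. Both stat() and chmod() work on path names, so applying the mode through the mkstemp() descriptor with `fchmod(fd, ...)` would be tighter if `fd` is still open at this point, which the hunk does not show. The body of uci_file_commit starts and ends outside both hunks.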