From 3968160a916a759c3d3418da533e1b4f8b795343 Mon Sep 17 00:00:00 2001
From: Mike Swanson
Date: Sat, 8 Jun 2019 21:54:02 -0700
Subject: [PATCH] [programs] set chmod 600 after opening destination file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This resolves a race condition where zstd or unzstd may expose read permissions beyond the original file allowed. Mode 600 is used temporarily during the compression and decompression write stage and the new file inherits the original file’s mode at the end. Fixes #1630
---
 programs/fileio.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/programs/fileio.c b/programs/fileio.c
index 3c45a986..12e1537e 100644
--- a/programs/fileio.c
+++ b/programs/fileio.c
@@ -566,6 +566,7 @@ static FILE* FIO_openDstFile(FIO_prefs_t* const prefs, const char* srcFileName,
 { FILE* const f = fopen( dstFileName, "wb" );
 if (f == NULL)
 DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
+ chmod(dstFileName, 00600);
 return f;
 }
 }
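Review bot: The added `chmod(dstFileName, 00600)` runs only after `fopen(dstFileName, "wb")` has already created the file with umask-default permissions, so the exposure the commit message describes is narrowed rather than closed: a local user who opens the file between the two calls keeps a readable descriptor afterwards. The call also sits outside the unbraced `if (f == NULL)`, so it still runs when the open failed; it acts on the path rather than on the stream that was opened, and its return value is ignored. Creating the file with the restrictive mode in the same call that opens it, as sketched below for POSIX builds, removes the window. An already existing destination keeps its old mode under `O_CREAT`, so this depends on how the part of `FIO_openDstFile` above the hunk treats existing files, and non-POSIX builds would need to keep a separate path.

```c
    {   /* create the file already restricted instead of fopen() followed by chmod() */
        int const fd = open(dstFileName, O_WRONLY | O_CREAT | O_TRUNC, 0600);
        FILE* const f = (fd < 0) ? NULL : fdopen(fd, "wb");
        if (f == NULL) {
            DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
            if (fd >= 0) close(fd);   /* fdopen failed: do not leak the descriptor */
        }
        return f;
    }
```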