Blame 0042-abrtd-switch-owner-of-the-dump-location-to-root.patch
|
Jakub Filak |
d596ad |
From 5653ddfeb61279df38e80ab18652afa68c964eb6 Mon Sep 17 00:00:00 2001
|
|
Jakub Filak |
d596ad |
From: Jakub Filak <jfilak@redhat.com>
|
|
Jakub Filak |
d596ad |
Date: Wed, 30 Sep 2015 14:14:31 +0200
|
|
Jakub Filak |
d596ad |
Subject: [PATCH] abrtd: switch owner of the dump location to 'root'
|
|
Jakub Filak |
d596ad |
|
|
Jakub Filak |
d596ad |
Additional hardening suggested by Florian Weimer <fweimer@redhat.com>
|
|
Jakub Filak |
d596ad |
Related to CVE-2015-5287
|
|
Jakub Filak |
d596ad |
|
|
Jakub Filak |
d596ad |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
Jakub Filak |
d596ad |
---
|
|
Jakub Filak |
d596ad |
src/daemon/abrtd.c | 2 +-
|
|
Jakub Filak |
d596ad |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
Jakub Filak |
d596ad |
|
|
Jakub Filak |
d596ad |
diff --git a/src/daemon/abrtd.c b/src/daemon/abrtd.c
|
|
Jakub Filak |
d596ad |
index 0352eed..90a7163 100644
|
|
Jakub Filak |
d596ad |
--- a/src/daemon/abrtd.c
|
|
Jakub Filak |
d596ad |
+++ b/src/daemon/abrtd.c
|
|
Jakub Filak |
d596ad |
@@ -195,7 +195,7 @@ static void sanitize_dump_dir_rights(void)
|
|
Jakub Filak |
d596ad |
* us with thousands of bogus or malicious dumps */
|
|
Jakub Filak |
d596ad |
/* 07000 bits are setuid, setgit, and sticky, and they must be unset */
|
|
Jakub Filak |
d596ad |
/* 00777 bits are usual "rwxrwxrwx" access rights */
|
|
Jakub Filak |
d596ad |
- ensure_writable_dir(g_settings_dump_location, DEFAULT_DUMP_LOCATION_MODE, "abrt");
|
|
Jakub Filak |
d596ad |
+ ensure_writable_dir_group(g_settings_dump_location, DEFAULT_DUMP_LOCATION_MODE, "root", "abrt");
|
|
Jakub Filak |
d596ad |
/* temp dir */
|
|
Jakub Filak |
d596ad |
ensure_writable_dir(VAR_RUN"/abrt", 0755, "root");
|
|
Jakub Filak |
d596ad |
}
|
|
Jakub Filak |
d596ad |
--
|
|
Jakub Filak |
d596ad |
2.6.3
|
|
Jakub Filak |
d596ad |
|