rpms / abrt

Clone
Source Code
GIT

Blame 0081-ccpp-postpone-changing-ownership-of-new-dump-directo.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-sig-altarch-debrand c8-beta f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 master
  1.   f21
  2.   0081-ccpp-postpone-changing-ownership-of-new-dump-directo.patch
Blob History Raw
Matej Habrnal fa1950 
From ccbab90e154f7917178cc1d56d8990b01ea45023 Mon Sep 17 00:00:00 2001
Matej Habrnal fa1950 
From: Jakub Filak <jfilak@redhat.com>
Matej Habrnal fa1950 
Date: Wed, 15 Apr 2015 15:27:09 +0200
Matej Habrnal fa1950 
Subject: [PATCH] ccpp: postpone changing ownership of new dump directories
Matej Habrnal fa1950
Matej Habrnal fa1950 
Florian Weimer <fweimer@redhat.com>:
Matej Habrnal fa1950
Matej Habrnal fa1950 
    Currently, dd_create changes ownership of the directory immediately,
Matej Habrnal fa1950 
    when it is still empty. This means that any operations within the
Matej Habrnal fa1950 
    directory (which happen as the root user) can race with changes to
Matej Habrnal fa1950 
    the directory contents by the user. If you delay changing directory
Matej Habrnal fa1950 
    ownership until all the files have created and written, this is no
Matej Habrnal fa1950 
    longer a problem.
Matej Habrnal fa1950
Matej Habrnal fa1950 
Related: #1211835
Matej Habrnal fa1950
Matej Habrnal fa1950 
Signed-off-by: Jakub Filak <jfilak@redhat.com>
Matej Habrnal fa1950 
---
Matej Habrnal fa1950 
 src/hooks/abrt-hook-ccpp.c | 9 ++++++++-
Matej Habrnal fa1950 
 1 file changed, 8 insertions(+), 1 deletion(-)
Matej Habrnal fa1950
Matej Habrnal fa1950 
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
Matej Habrnal fa1950 
index 880daf6..04889da 100644
Matej Habrnal fa1950 
--- a/src/hooks/abrt-hook-ccpp.c
Matej Habrnal fa1950 
+++ b/src/hooks/abrt-hook-ccpp.c
Matej Habrnal fa1950 
@@ -598,8 +598,12 @@ int main(int argc, char** argv)
Matej Habrnal fa1950
Matej Habrnal fa1950 
     /* use fsuid instead of uid, so we don't expose any sensitive
Matej Habrnal fa1950 
      * information of suided app in /var/tmp/abrt
Matej Habrnal fa1950 
+     *
Matej Habrnal fa1950 
+     * dd_create_skeleton() creates a new directory and leaves ownership to
Matej Habrnal fa1950 
+     * the current user, hence, we have to call dd_reset_ownership() after the
Matej Habrnal fa1950 
+     * directory is populated.
Matej Habrnal fa1950 
      */
Matej Habrnal fa1950 
-    dd = dd_create(path, fsuid, DEFAULT_DUMP_DIR_MODE);
Matej Habrnal fa1950 
+    dd = dd_create_skeleton(path, fsuid, DEFAULT_DUMP_DIR_MODE);
Matej Habrnal fa1950 
     if (dd)
Matej Habrnal fa1950 
     {
Matej Habrnal fa1950 
         char *rootdir = get_rootdir(pid);
Matej Habrnal fa1950 
@@ -782,6 +786,9 @@ int main(int argc, char** argv)
Matej Habrnal fa1950 
         if (tid > 0 && setting_CreateCoreBacktrace)
Matej Habrnal fa1950 
             create_core_backtrace(tid, executable, signal_no, dd);
Matej Habrnal fa1950
Matej Habrnal fa1950 
+        /* And finally set the right uid and gid */
Matej Habrnal fa1950 
+        dd_reset_ownership(dd);
Matej Habrnal fa1950 
+
Matej Habrnal fa1950 
         /* We close dumpdir before we start catering for crash storm case.
Matej Habrnal fa1950 
          * Otherwise, delete_dump_dir's from other concurrent
Matej Habrnal fa1950 
          * CCpp's won't be able to delete our dump (their delete_dump_dir
Matej Habrnal fa1950 
--
Matej Habrnal fa1950 
2.1.0
Matej Habrnal fa1950

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation