Matej Habrnal fa1950
From f1188d8857f2c9773156890d0037296f5361b0bf Mon Sep 17 00:00:00 2001
Matej Habrnal fa1950
From: Jakub Filak <jfilak@redhat.com>
Matej Habrnal fa1950
Date: Wed, 6 May 2015 14:04:42 +0200
Matej Habrnal fa1950
Subject: [PATCH] daemon: harden against race conditions in DELETE
Matej Habrnal fa1950
Matej Habrnal fa1950
There is a race between checking dump dir accessibility and deleting it
Matej Habrnal fa1950
in abrt-server.
Matej Habrnal fa1950
Matej Habrnal fa1950
Related: #1214457.
Matej Habrnal fa1950
Matej Habrnal fa1950
Signed-off-by: Jakub Filak <jfilak@redhat.com>
Matej Habrnal fa1950
---
Matej Habrnal fa1950
 src/daemon/abrt-server.c | 21 +++++++++++++++++++--
Matej Habrnal fa1950
 1 file changed, 19 insertions(+), 2 deletions(-)
Matej Habrnal fa1950
Matej Habrnal fa1950
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
Matej Habrnal fa1950
index 8c48509..cfdd9b7 100644
Matej Habrnal fa1950
--- a/src/daemon/abrt-server.c
Matej Habrnal fa1950
+++ b/src/daemon/abrt-server.c
Matej Habrnal fa1950
@@ -91,8 +91,16 @@ static int delete_path(const char *dump_dir_name)
Matej Habrnal fa1950
         error_msg("Problem directory '%s' has wrong owner or group", dump_dir_name);
Matej Habrnal fa1950
         return 400; /*  */
Matej Habrnal fa1950
     }
Matej Habrnal fa1950
-    if (!dump_dir_accessible_by_uid(dump_dir_name, client_uid))
Matej Habrnal fa1950
+
Matej Habrnal fa1950
+    struct dump_dir *dd = dd_opendir(dump_dir_name, DD_OPEN_FD_ONLY);
Matej Habrnal fa1950
+    if (dd == NULL)
Matej Habrnal fa1950
+    {
Matej Habrnal fa1950
+        perror_msg("Can't open problem directory '%s'", dump_dir_name);
Matej Habrnal fa1950
+        return 400;
Matej Habrnal fa1950
+    }
Matej Habrnal fa1950
+    if (!dd_accessible_by_uid(dd, client_uid))
Matej Habrnal fa1950
     {
Matej Habrnal fa1950
+        dd_close(dd);
Matej Habrnal fa1950
         if (errno == ENOTDIR)
Matej Habrnal fa1950
         {
Matej Habrnal fa1950
             error_msg("Path '%s' isn't problem directory", dump_dir_name);
Matej Habrnal fa1950
@@ -102,7 +110,16 @@ static int delete_path(const char *dump_dir_name)
Matej Habrnal fa1950
         return 403; /* Forbidden */
Matej Habrnal fa1950
     }
Matej Habrnal fa1950
 
Matej Habrnal fa1950
-    delete_dump_dir(dump_dir_name);
Matej Habrnal fa1950
+    dd = dd_fdopendir(dd, /*flags:*/ 0);
Matej Habrnal fa1950
+    if (dd)
Matej Habrnal fa1950
+    {
Matej Habrnal fa1950
+        if (dd_delete(dd) != 0)
Matej Habrnal fa1950
+        {
Matej Habrnal fa1950
+            error_msg("Failed to delete problem directory '%s'", dump_dir_name);
Matej Habrnal fa1950
+            dd_close(dd);
Matej Habrnal fa1950
+            return 400;
Matej Habrnal fa1950
+        }
Matej Habrnal fa1950
+    }
Matej Habrnal fa1950
 
Matej Habrnal fa1950
     return 0; /* success */
Matej Habrnal fa1950
 }
Matej Habrnal fa1950
-- 
Matej Habrnal fa1950
2.1.0
Matej Habrnal fa1950