|
Matej Habrnal |
fa1950 |
From f1188d8857f2c9773156890d0037296f5361b0bf Mon Sep 17 00:00:00 2001
|
|
Matej Habrnal |
fa1950 |
From: Jakub Filak <jfilak@redhat.com>
|
|
Matej Habrnal |
fa1950 |
Date: Wed, 6 May 2015 14:04:42 +0200
|
|
Matej Habrnal |
fa1950 |
Subject: [PATCH] daemon: harden against race conditions in DELETE
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
There is a race between checking dump dir accessibility and deleting it
|
|
Matej Habrnal |
fa1950 |
in abrt-server.
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
Related: #1214457.
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
Matej Habrnal |
fa1950 |
---
|
|
Matej Habrnal |
fa1950 |
src/daemon/abrt-server.c | 21 +++++++++++++++++++--
|
|
Matej Habrnal |
fa1950 |
1 file changed, 19 insertions(+), 2 deletions(-)
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
|
|
Matej Habrnal |
fa1950 |
index 8c48509..cfdd9b7 100644
|
|
Matej Habrnal |
fa1950 |
--- a/src/daemon/abrt-server.c
|
|
Matej Habrnal |
fa1950 |
+++ b/src/daemon/abrt-server.c
|
|
Matej Habrnal |
fa1950 |
@@ -91,8 +91,16 @@ static int delete_path(const char *dump_dir_name)
|
|
Matej Habrnal |
fa1950 |
error_msg("Problem directory '%s' has wrong owner or group", dump_dir_name);
|
|
Matej Habrnal |
fa1950 |
return 400; /* */
|
|
Matej Habrnal |
fa1950 |
}
|
|
Matej Habrnal |
fa1950 |
- if (!dump_dir_accessible_by_uid(dump_dir_name, client_uid))
|
|
Matej Habrnal |
fa1950 |
+
|
|
Matej Habrnal |
fa1950 |
+ struct dump_dir *dd = dd_opendir(dump_dir_name, DD_OPEN_FD_ONLY);
|
|
Matej Habrnal |
fa1950 |
+ if (dd == NULL)
|
|
Matej Habrnal |
fa1950 |
+ {
|
|
Matej Habrnal |
fa1950 |
+ perror_msg("Can't open problem directory '%s'", dump_dir_name);
|
|
Matej Habrnal |
fa1950 |
+ return 400;
|
|
Matej Habrnal |
fa1950 |
+ }
|
|
Matej Habrnal |
fa1950 |
+ if (!dd_accessible_by_uid(dd, client_uid))
|
|
Matej Habrnal |
fa1950 |
{
|
|
Matej Habrnal |
fa1950 |
+ dd_close(dd);
|
|
Matej Habrnal |
fa1950 |
if (errno == ENOTDIR)
|
|
Matej Habrnal |
fa1950 |
{
|
|
Matej Habrnal |
fa1950 |
error_msg("Path '%s' isn't problem directory", dump_dir_name);
|
|
Matej Habrnal |
fa1950 |
@@ -102,7 +110,16 @@ static int delete_path(const char *dump_dir_name)
|
|
Matej Habrnal |
fa1950 |
return 403; /* Forbidden */
|
|
Matej Habrnal |
fa1950 |
}
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
- delete_dump_dir(dump_dir_name);
|
|
Matej Habrnal |
fa1950 |
+ dd = dd_fdopendir(dd, /*flags:*/ 0);
|
|
Matej Habrnal |
fa1950 |
+ if (dd)
|
|
Matej Habrnal |
fa1950 |
+ {
|
|
Matej Habrnal |
fa1950 |
+ if (dd_delete(dd) != 0)
|
|
Matej Habrnal |
fa1950 |
+ {
|
|
Matej Habrnal |
fa1950 |
+ error_msg("Failed to delete problem directory '%s'", dump_dir_name);
|
|
Matej Habrnal |
fa1950 |
+ dd_close(dd);
|
|
Matej Habrnal |
fa1950 |
+ return 400;
|
|
Matej Habrnal |
fa1950 |
+ }
|
|
Matej Habrnal |
fa1950 |
+ }
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
return 0; /* success */
|
|
Matej Habrnal |
fa1950 |
}
|
|
Matej Habrnal |
fa1950 |
--
|
|
Matej Habrnal |
fa1950 |
2.1.0
|
|
Matej Habrnal |
fa1950 |
|