rpms / abrt

Clone
Source Code
GIT

Blame 0102-daemon-allow-only-root-user-to-trigger-the-post-crea.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-sig-altarch-debrand c8-beta f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 master
  1.   fa1950198b4cd7ea9c3c04c4d0abcde7a69ff912
  2.   0102-daemon-allow-only-root-user-to-trigger-the-post-crea.patch
Blob History Raw
Matej Habrnal fa1950 
From ee698cf90dc5be666a115db6db245de6812e6ee2 Mon Sep 17 00:00:00 2001
Matej Habrnal fa1950 
From: Jakub Filak <jfilak@redhat.com>
Matej Habrnal fa1950 
Date: Wed, 6 May 2015 14:39:44 +0200
Matej Habrnal fa1950 
Subject: [PATCH] daemon: allow only root user to trigger the post-create
Matej Habrnal fa1950
Matej Habrnal fa1950 
There is no reason to allow non-root users to trigger this
Matej Habrnal fa1950 
functionality. Regular users can create abrt problems only through
Matej Habrnal fa1950 
abrtd or abrt-dbus and both triggers the post-create.
Matej Habrnal fa1950
Matej Habrnal fa1950 
Other hooks run under root user (CCpp, Koops, VMCore, Xorg).
Matej Habrnal fa1950
Matej Habrnal fa1950 
Related: #1212861
Matej Habrnal fa1950
Matej Habrnal fa1950 
Signed-off-by: Jakub Filak <jfilak@redhat.com>
Matej Habrnal fa1950 
---
Matej Habrnal fa1950 
 src/daemon/abrt-server.c | 19 ++++++++-----------
Matej Habrnal fa1950 
 1 file changed, 8 insertions(+), 11 deletions(-)
Matej Habrnal fa1950
Matej Habrnal fa1950 
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
Matej Habrnal fa1950 
index cfdd9b7..5fc4b1a 100644
Matej Habrnal fa1950 
--- a/src/daemon/abrt-server.c
Matej Habrnal fa1950 
+++ b/src/daemon/abrt-server.c
Matej Habrnal fa1950 
@@ -178,16 +178,6 @@ static int run_post_create(const char *dirname)
Matej Habrnal fa1950 
             return 403;
Matej Habrnal fa1950 
         }
Matej Habrnal fa1950 
     }
Matej Habrnal fa1950 
-    if (!dump_dir_accessible_by_uid(dirname, client_uid))
Matej Habrnal fa1950 
-    {
Matej Habrnal fa1950 
-        if (errno == ENOTDIR)
Matej Habrnal fa1950 
-        {
Matej Habrnal fa1950 
-            error_msg("Path '%s' isn't problem directory", dirname);
Matej Habrnal fa1950 
-            return 404; /* Not Found */
Matej Habrnal fa1950 
-        }
Matej Habrnal fa1950 
-        error_msg("Problem directory '%s' can't be accessed by user with uid %ld", dirname, (long)client_uid);
Matej Habrnal fa1950 
-        return 403; /* Forbidden */
Matej Habrnal fa1950 
-    }
Matej Habrnal fa1950
Matej Habrnal fa1950 
     int child_stdout_fd;
Matej Habrnal fa1950 
     int child_pid = spawn_event_handler_child(dirname, "post-create", &child_stdout_fd);
Matej Habrnal fa1950 
@@ -740,14 +730,21 @@ static int perform_http_xact(void)
Matej Habrnal fa1950 
     /* Body received, EOF was seen. Don't let alarm to interrupt after this. */
Matej Habrnal fa1950 
     alarm(0);
Matej Habrnal fa1950
Matej Habrnal fa1950 
+    int ret = 0;
Matej Habrnal fa1950 
     if (url_type == CREATION_NOTIFICATION)
Matej Habrnal fa1950 
     {
Matej Habrnal fa1950 
+        if (client_uid != 0)
Matej Habrnal fa1950 
+        {
Matej Habrnal fa1950 
+            error_msg("UID=%ld is not authorized to trigger post-create processing", (long)client_uid);
Matej Habrnal fa1950 
+            ret = 403; /* Forbidden */
Matej Habrnal fa1950 
+            goto out;
Matej Habrnal fa1950 
+        }
Matej Habrnal fa1950 
+
Matej Habrnal fa1950 
         messagebuf_data[messagebuf_len] = '\0';
Matej Habrnal fa1950 
         return run_post_create(messagebuf_data);
Matej Habrnal fa1950 
     }
Matej Habrnal fa1950
Matej Habrnal fa1950 
     /* Save problem dir */
Matej Habrnal fa1950 
-    int ret = 0;
Matej Habrnal fa1950 
     unsigned pid = convert_pid(problem_info);
Matej Habrnal fa1950 
     die_if_data_is_missing(problem_info);
Matej Habrnal fa1950
Matej Habrnal fa1950 
--
Matej Habrnal fa1950 
2.1.0
Matej Habrnal fa1950

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation