Blob Blame Raw
From ccbab90e154f7917178cc1d56d8990b01ea45023 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 15:27:09 +0200
Subject: [PATCH] ccpp: postpone changing ownership of new dump directories

Florian Weimer <fweimer@redhat.com>:

    Currently, dd_create changes ownership of the directory immediately,
    when it is still empty. This means that any operations within the
    directory (which happen as the root user) can race with changes to
    the directory contents by the user. If you delay changing directory
    ownership until all the files have created and written, this is no
    longer a problem.

Related: #1211835

Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
 src/hooks/abrt-hook-ccpp.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 880daf6..04889da 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -598,8 +598,12 @@ int main(int argc, char** argv)
 
     /* use fsuid instead of uid, so we don't expose any sensitive
      * information of suided app in /var/tmp/abrt
+     *
+     * dd_create_skeleton() creates a new directory and leaves ownership to
+     * the current user, hence, we have to call dd_reset_ownership() after the
+     * directory is populated.
      */
-    dd = dd_create(path, fsuid, DEFAULT_DUMP_DIR_MODE);
+    dd = dd_create_skeleton(path, fsuid, DEFAULT_DUMP_DIR_MODE);
     if (dd)
     {
         char *rootdir = get_rootdir(pid);
@@ -782,6 +786,9 @@ int main(int argc, char** argv)
         if (tid > 0 && setting_CreateCoreBacktrace)
             create_core_backtrace(tid, executable, signal_no, dd);
 
+        /* And finally set the right uid and gid */
+        dd_reset_ownership(dd);
+
         /* We close dumpdir before we start catering for crash storm case.
          * Otherwise, delete_dump_dir's from other concurrent
          * CCpp's won't be able to delete our dump (their delete_dump_dir
-- 
2.1.0