From 10bea037a2ad82616b3698d07d07d287481e1bed Mon Sep 17 00:00:00 2001 From: Jakub Filak Date: Wed, 6 May 2015 14:04:42 +0200 Subject: [ABRT PATCH] daemon: harden against race conditions in DELETE There is a race between checking dump dir accessibility and deleting it in abrt-server. Related: #1214457. Signed-off-by: Jakub Filak --- src/daemon/abrt-server.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c index 1030461..130c24a 100644 --- a/src/daemon/abrt-server.c +++ b/src/daemon/abrt-server.c @@ -91,8 +91,16 @@ static int delete_path(const char *dump_dir_name) error_msg("Problem directory '%s' isn't owned by root:abrt or others are not restricted from access", dump_dir_name); return 400; /* */ } - if (!dump_dir_accessible_by_uid(dump_dir_name, client_uid)) + + int dir_fd = dd_openfd(dump_dir_name); + if (dir_fd < 0) + { + perror_msg("Can't open problem directory '%s'", dump_dir_name); + return 400; + } + if (!fdump_dir_accessible_by_uid(dir_fd, client_uid)) { + close(dir_fd); if (errno == ENOTDIR) { error_msg("Path '%s' isn't problem directory", dump_dir_name); @@ -102,7 +110,16 @@ static int delete_path(const char *dump_dir_name) return 403; /* Forbidden */ } - delete_dump_dir(dump_dir_name); + struct dump_dir *dd = dd_fdopendir(dir_fd, dump_dir_name, /*flags:*/ 0); + if (dd) + { + if (dd_delete(dd) != 0) + { + error_msg("Failed to delete problem directory '%s'", dump_dir_name); + dd_close(dd); + return 400; + } + } return 0; /* success */ } -- 1.8.3.1