From fdf93685d4f3fc36fe50d34a11e24662c4cb2d8c Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 12:12:59 +0200
Subject: [ABRT PATCH] a-a-save-package-data: turn off reading data from root
 directories

Making copies of files from arbitrary root directories is not secure.

Related: #1211835

Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
 src/daemon/abrt-action-save-package-data.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/src/daemon/abrt-action-save-package-data.c b/src/daemon/abrt-action-save-package-data.c
index 6dbcfc2..97d5f5e 100644
--- a/src/daemon/abrt-action-save-package-data.c
+++ b/src/daemon/abrt-action-save-package-data.c
@@ -223,7 +223,6 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
 
     char *cmdline = NULL;
     char *executable = NULL;
-    char *rootdir = NULL;
     char *package_short_name = NULL;
     struct pkg_envra *pkg_name = NULL;
     char *component = NULL;
@@ -233,8 +232,6 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
 
     cmdline = dd_load_text_ext(dd, FILENAME_CMDLINE, DD_FAIL_QUIETLY_ENOENT);
     executable = dd_load_text(dd, FILENAME_EXECUTABLE);
-    rootdir = dd_load_text_ext(dd, FILENAME_ROOTDIR,
-                               DD_FAIL_QUIETLY_ENOENT | DD_LOAD_TEXT_RETURN_NULL_ON_FAILURE);
 
     /* Close dd while we query package database. It can take some time,
      * don't want to keep dd locked longer than necessary */
@@ -246,7 +243,7 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
         goto ret; /* return 1 (failure) */
     }
 
-    pkg_name = rpm_get_package_nvr(executable, rootdir);
+    pkg_name = rpm_get_package_nvr(executable, NULL);
     if (!pkg_name)
     {
         if (settings_bProcessUnpackaged)
@@ -329,7 +326,7 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
          */
     }
 
-    component = rpm_get_component(executable, rootdir);
+    component = rpm_get_component(executable, NULL);
 
     dd = dd_opendir(dump_dir_name, /*flags:*/ 0);
     if (!dd)
@@ -355,7 +352,6 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
  ret:
     free(cmdline);
     free(executable);
-    free(rootdir);
     free(package_short_name);
     free_pkg_envra(pkg_name);
     free(component);
-- 
1.8.3.1