From 3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca Mon Sep 17 00:00:00 2001 From: Jakub Filak Date: Wed, 6 May 2015 14:39:44 +0200 Subject: [ABRT PATCH] daemon: allow only root user to trigger the post-create There is no reason to allow non-root users to trigger this functionality. Regular users can create abrt problems only through abrtd or abrt-dbus and both triggers the post-create. Other hooks run under root user (CCpp, Koops, VMCore, Xorg). Related: #1212861 Signed-off-by: Jakub Filak --- src/daemon/abrt-server.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c index 130c24a..d3fa1b5 100644 --- a/src/daemon/abrt-server.c +++ b/src/daemon/abrt-server.c @@ -178,16 +178,6 @@ static int run_post_create(const char *dirname) return 403; } } - else if (!dump_dir_accessible_by_uid(dirname, client_uid)) - { - if (errno == ENOTDIR) - { - error_msg("Path '%s' isn't problem directory", dirname); - return 404; /* Not Found */ - } - error_msg("Problem directory '%s' can't be accessed by user with uid %ld", dirname, (long)client_uid); - return 403; /* Forbidden */ - } int child_stdout_fd; int child_pid = spawn_event_handler_child(dirname, "post-create", &child_stdout_fd); @@ -741,14 +731,21 @@ static int perform_http_xact(void) /* Body received, EOF was seen. Don't let alarm to interrupt after this. */ alarm(0); + int ret = 0; if (url_type == CREATION_NOTIFICATION) { + if (client_uid != 0) + { + error_msg("UID=%ld is not authorized to trigger post-create processing", (long)client_uid); + ret = 403; /* Forbidden */ + goto out; + } + messagebuf_data[messagebuf_len] = '\0'; return run_post_create(messagebuf_data); } /* Save problem dir */ - int ret = 0; unsigned pid = convert_pid(problem_info); die_if_data_is_missing(problem_info); -- 1.8.3.1