From 7ca7f064c8034ce1d20e6ce008bbe9a3f8d46129 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Nov 06 2014 15:16:42 +0000
Subject: make atd less abort prone
---
diff --git a/at-3.1.16-noabort.patch b/at-3.1.16-noabort.patch
new file mode 100644
index 0000000..58ffdd2
--- /dev/null
+++ b/at-3.1.16-noabort.patch
@@ -0,0 +1,157 @@
+diff -up at-3.1.16/atd.c.noabort at-3.1.16/atd.c
+--- at-3.1.16/atd.c.noabort 2014-10-02 11:08:26.000000000 +0200
++++ at-3.1.16/atd.c 2014-11-06 16:07:54.851652541 +0100
+@@ -221,7 +221,7 @@ static int set_selinux_context(const cha
+ security_context_t user_context=NULL;
+ security_context_t file_context=NULL;
+ struct av_decision avd;
+- int retval=-1;
++ int retval=0;
+ char *seuser=NULL;
+ char *level=NULL;
+
+@@ -230,12 +230,9 @@ static int set_selinux_context(const cha
+ free(seuser);
+ free(level);
+ if (retval) {
+- if (security_getenforce()==1) {
+- perr("execle: couldn't get security context for user %s\n", name);
+- } else {
+- syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
+- return -1;
+- }
++ lerr("execle: couldn't get security context for user %s\n", name);
++ retval = -1;
++ goto err;
+ }
+ }
+
+@@ -246,8 +243,11 @@ static int set_selinux_context(const cha
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
+- if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
+- perr("fgetfilecon FAILED %s", filename);
++ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) {
++ lerr("fgetfilecon FAILED %s", filename);
++ retval = -1;
++ goto err;
++ }
+
+ retval = security_compute_av(user_context,
+ file_context,
+@@ -256,25 +256,21 @@ static int set_selinux_context(const cha
+ &avd);
+ freecon(file_context);
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
+- if (security_getenforce()==1) {
+- perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
+- } else {
+- syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
+- retval = -1;
+- goto err;
+- }
++ lerr("Not allowed to set exec context to %s for user %s\n", user_context,name);
++ retval = -1;
++ goto err;
+ }
+ if (setexeccon(user_context) < 0) {
+- if (security_getenforce()==1) {
+- perr("Could not set exec context to %s for user %s\n", user_context,name);
+- retval = -1;
+- } else {
+- syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
+- }
++ lerr("Could not set exec context to %s for user %s\n", user_context,name);
++ retval = -1;
++ goto err;
+ }
+ err:
+- freecon(user_context);
+- return 0;
++ if (retval < 0 && security_getenforce() != 1)
++ retval = 0;
++ if (user_context)
++ freecon(user_context);
++ return retval;
+ }
+ #endif
+
+@@ -347,9 +343,12 @@ run_file(const char *filename, uid_t uid
+ */
+
+ pid = fork();
+- if (pid == -1)
+- perr("Cannot fork");
+-
++ if (pid == -1) {
++ lerr("Cannot fork for job execution");
++ free(mailname);
++ free(newname);
++ return;
++ }
+ else if (pid != 0) {
+ free(mailname);
+ free(newname);
+@@ -667,15 +666,19 @@ run_loop()
+ * up.
+ */
+
+- if (stat(".", &buf) == -1)
+- perr("Cannot stat " ATJOB_DIR);
++ if (stat(".", &buf) == -1) {
++ lerr("Cannot stat " ATJOB_DIR);
++ return next_job;
++ }
+
+ if (nothing_to_do && buf.st_mtime <= last_chg)
+ return next_job;
+ last_chg = buf.st_mtime;
+
+- if ((spool = opendir(".")) == NULL)
+- perr("Cannot read " ATJOB_DIR);
++ if ((spool = opendir(".")) == NULL) {
++ lerr("Cannot read " ATJOB_DIR);
++ return next_job;
++ }
+
+ run_batch = 0;
+ nothing_to_do = 1;
+diff -up at-3.1.16/daemon.c.noabort at-3.1.16/daemon.c
+--- at-3.1.16/daemon.c.noabort 2014-09-30 08:29:02.000000000 +0200
++++ at-3.1.16/daemon.c 2014-11-06 15:37:22.109277583 +0100
+@@ -83,6 +83,22 @@ perr(const char *fmt,...)
+ }
+
+ void
++lerr(const char *fmt,...)
++{
++ char buf[1024];
++ va_list args;
++
++ va_start(args, fmt);
++ vsnprintf(buf, sizeof(buf), fmt, args);
++ va_end(args);
++
++ if (daemon_debug) {
++ perror(buf);
++ } else
++ syslog(LOG_ERR, "%s: %m", buf);
++}
++
++void
+ pabort(const char *fmt,...)
+ {
+ char buf[1024];
+diff -up at-3.1.16/daemon.h.noabort at-3.1.16/daemon.h
+--- at-3.1.16/daemon.h.noabort 2014-09-30 08:29:02.000000000 +0200
++++ at-3.1.16/daemon.h 2014-11-06 15:36:10.461660104 +0100
+@@ -13,5 +13,8 @@ __attribute__((noreturn))
+ #endif
+ perr (const char *fmt, ...);
+
++void
++lerr (const char *fmt, ...);
++
+ extern int daemon_debug;
+ extern int daemon_foreground;
diff --git a/at.spec b/at.spec
index 57bb3a9..012ecc6 100644
--- a/at.spec
+++ b/at.spec
@@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.16 -Release: 2%{?dist} +Release: 3%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain
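Review bot: In the nested atd.c hunk, at the `err:` label of set_selinux_context, `if (retval < 0 && security_getenforce() != 1) retval = 0;` also clears the failure when security_getenforce() itself fails and returns -1, so a context or entrypoint error is reported as success whenever the enforcement state cannot be read. Testing for permissive mode explicitly, `if (retval < 0 && security_getenforce() == 0) retval = 0;`, keeps the permissive behaviour and fails closed otherwise. Separately, lerr() in daemon.c always appends the `%m`/perror text, but the "Not allowed to set exec context" call site can be reached with retval == 0 from security_compute_av, where errno is stale, and the format strings there still end in `\n`; capturing errno on entry to lerr() and dropping the trailing newlines would keep the log accurate. The body of set_selinux_context starts outside these hunks, so how the caller treats the return value is not visible here.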
@@ -29,6 +29,7 @@ Patch9: at-3.1.14-mailwithhostname.patch Patch10: at-3.1.14-usePOSIXtimers.patch Patch11: at-3.1.14-help.patch Patch12: at-3.1.14-wrong_format.patch +Patch13: at-3.1.16-noabort.patch BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf
@@ -77,6 +78,7 @@ cp %{SOURCE1} . %patch10 -p1 -b .posix %patch11 -p1 -b .help %patch12 -p1 -b .wrong +%patch13 -p1 -b .noabort %build # patch9 touches configure.in
@@ -174,6 +176,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Nov 6 2014 Tomáš Mráz - 3.1.16-3 +- make atd less abort prone + * Fri Oct 10 2014 Tomáš Mráz - 3.1.16-2 - add proper Obsoletes for the sysvinit subpackage