From fdf93685d4f3fc36fe50d34a11e24662c4cb2d8c Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 12:12:59 +0200
Subject: [ABRT PATCH] a-a-save-package-data: turn off reading data from root
directories
Making copies of files from arbitrary root directories is not secure.
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/daemon/abrt-action-save-package-data.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/daemon/abrt-action-save-package-data.c b/src/daemon/abrt-action-save-package-data.c
index 6dbcfc2..97d5f5e 100644
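--- a/src/daemon/abrt-action-save-package-data.c
+++ b/src/daemon/abrt-action-save-package-data.c
@@ -223,7 +223,6 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
 
 char *cmdline = NULL;
 char *executable = NULL;
- char *rootdir = NULL;
 char *package_short_name = NULL;
 struct pkg_envra *pkg_name = NULL;
 char *component = NULL;
@@ -233,8 +232,6 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
 
 cmdline = dd_load_text_ext(dd, FILENAME_CMDLINE, DD_FAIL_QUIETLY_ENOENT);
 executable = dd_load_text(dd, FILENAME_EXECUTABLE);
- rootdir = dd_load_text_ext(dd, FILENAME_ROOTDIR,
- DD_FAIL_QUIETLY_ENOENT | DD_LOAD_TEXT_RETURN_NULL_ON_FAILURE);
 
 /* Close dd while we query package database. It can take some time,
 * don't want to keep dd locked longer than necessary */
@@ -246,7 +243,7 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
 goto ret; /* return 1 (failure) */
 }
 
- pkg_name = rpm_get_package_nvr(executable, rootdir);
+ pkg_name = rpm_get_package_nvr(executable, NULL);
 if (!pkg_name)
 {
 if (settings_bProcessUnpackaged)
@@ -329,7 +326,7 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
 */
 }
 
- component = rpm_get_component(executable, rootdir);
+ component = rpm_get_component(executable, NULL);
 
 dd = dd_opendir(dump_dir_name, /*flags:*/ 0);
 if (!dd)
@@ -355,7 +352,6 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
 ret:
 free(cmdline);
 free(executable);
- free(rootdir);
 free(package_short_name);
 free_pkg_envra(pkg_name);
 free(component);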
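Review bot: The two call sites `rpm_get_package_nvr(executable, NULL)` and `rpm_get_component(executable, NULL)` hard-code NULL with no comment saying why, so a later cleanup could plausibly wire the dump directory's rootdir element back in. A short comment at the first call would pin the intent, for example `/* Never take the root dir from the dump dir: its content is not trusted, always query the default RPM database */`. If a dump can come from a process that ran under a different root (inferred from the removed FILENAME_ROOTDIR load, not shown here), the executable path is now looked up against what is presumably the host database and may be attributed to the wrong package; a log line when that element is present would make such reports recognisable. The body of SavePackageDescriptionToDebugDump starts and ends outside these hunks, so other consumers of the element cannot be checked from here.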
--
1.8.3.1