|
|
a60cd7 |
From 3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca Mon Sep 17 00:00:00 2001
|
|
|
a60cd7 |
From: Jakub Filak <jfilak@redhat.com>
|
|
|
a60cd7 |
Date: Wed, 6 May 2015 14:39:44 +0200
|
|
|
a60cd7 |
Subject: [ABRT PATCH] daemon: allow only root user to trigger the post-create
|
|
|
a60cd7 |
|
|
|
a60cd7 |
There is no reason to allow non-root users to trigger this
|
|
|
a60cd7 |
functionality. Regular users can create abrt problems only through
|
|
|
a60cd7 |
abrtd or abrt-dbus and both triggers the post-create.
|
|
|
a60cd7 |
|
|
|
a60cd7 |
Other hooks run under root user (CCpp, Koops, VMCore, Xorg).
|
|
|
a60cd7 |
|
|
|
a60cd7 |
Related: #1212861
|
|
|
a60cd7 |
|
|
|
a60cd7 |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
|
a60cd7 |
---
|
|
|
a60cd7 |
src/daemon/abrt-server.c | 19 ++++++++-----------
|
|
|
a60cd7 |
1 file changed, 8 insertions(+), 11 deletions(-)
|
|
|
a60cd7 |
|
|
|
a60cd7 |
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
|
|
|
a60cd7 |
index 130c24a..d3fa1b5 100644
|
|
|
a60cd7 |
--- a/src/daemon/abrt-server.c
|
|
|
a60cd7 |
+++ b/src/daemon/abrt-server.c
|
|
|
a60cd7 |
@@ -178,16 +178,6 @@ static int run_post_create(const char *dirname)
|
|
|
a60cd7 |
return 403;
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
- else if (!dump_dir_accessible_by_uid(dirname, client_uid))
|
|
|
a60cd7 |
- {
|
|
|
a60cd7 |
- if (errno == ENOTDIR)
|
|
|
a60cd7 |
- {
|
|
|
a60cd7 |
- error_msg("Path '%s' isn't problem directory", dirname);
|
|
|
a60cd7 |
- return 404; /* Not Found */
|
|
|
a60cd7 |
- }
|
|
|
a60cd7 |
- error_msg("Problem directory '%s' can't be accessed by user with uid %ld", dirname, (long)client_uid);
|
|
|
a60cd7 |
- return 403; /* Forbidden */
|
|
|
a60cd7 |
- }
|
|
|
a60cd7 |
|
|
|
a60cd7 |
int child_stdout_fd;
|
|
|
a60cd7 |
int child_pid = spawn_event_handler_child(dirname, "post-create", &child_stdout_fd);
|
|
|
a60cd7 |
@@ -741,14 +731,21 @@ static int perform_http_xact(void)
|
|
|
a60cd7 |
/* Body received, EOF was seen. Don't let alarm to interrupt after this. */
|
|
|
a60cd7 |
alarm(0);
|
|
|
a60cd7 |
|
|
|
a60cd7 |
+ int ret = 0;
|
|
|
a60cd7 |
if (url_type == CREATION_NOTIFICATION)
|
|
|
a60cd7 |
{
|
|
|
a60cd7 |
+ if (client_uid != 0)
|
|
|
a60cd7 |
+ {
|
|
|
a60cd7 |
+ error_msg("UID=%ld is not authorized to trigger post-create processing", (long)client_uid);
|
|
|
a60cd7 |
+ ret = 403; /* Forbidden */
|
|
|
a60cd7 |
+ goto out;
|
|
|
a60cd7 |
+ }
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
messagebuf_data[messagebuf_len] = '\0';
|
|
|
a60cd7 |
return run_post_create(messagebuf_data);
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
|
|
|
a60cd7 |
/* Save problem dir */
|
|
|
a60cd7 |
- int ret = 0;
|
|
|
a60cd7 |
unsigned pid = convert_pid(problem_info);
|
|
|
a60cd7 |
die_if_data_is_missing(problem_info);
|
|
|
a60cd7 |
|
|
|
a60cd7 |
--
|
|
|
a60cd7 |
1.8.3.1
|
|
|
a60cd7 |
|