doczkal / rpms / abrt

Forked from rpms/abrt 4 years ago
Clone

Blame SOURCES/0115-daemon-allow-only-root-user-to-trigger-the-post-crea.patch

a60cd7
From 3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca Mon Sep 17 00:00:00 2001
a60cd7
From: Jakub Filak <jfilak@redhat.com>
a60cd7
Date: Wed, 6 May 2015 14:39:44 +0200
a60cd7
Subject: [ABRT PATCH] daemon: allow only root user to trigger the post-create
a60cd7
a60cd7
There is no reason to allow non-root users to trigger this
a60cd7
functionality. Regular users can create abrt problems only through
a60cd7
abrtd or abrt-dbus and both triggers the post-create.
a60cd7
a60cd7
Other hooks run under root user (CCpp, Koops, VMCore, Xorg).
a60cd7
a60cd7
Related: #1212861
a60cd7
a60cd7
Signed-off-by: Jakub Filak <jfilak@redhat.com>
a60cd7
---
a60cd7
 src/daemon/abrt-server.c | 19 ++++++++-----------
a60cd7
 1 file changed, 8 insertions(+), 11 deletions(-)
a60cd7
a60cd7
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
a60cd7
index 130c24a..d3fa1b5 100644
a60cd7
--- a/src/daemon/abrt-server.c
a60cd7
+++ b/src/daemon/abrt-server.c
a60cd7
@@ -178,16 +178,6 @@ static int run_post_create(const char *dirname)
a60cd7
             return 403;
a60cd7
         }
a60cd7
     }
a60cd7
-    else if (!dump_dir_accessible_by_uid(dirname, client_uid))
a60cd7
-    {
a60cd7
-        if (errno == ENOTDIR)
a60cd7
-        {
a60cd7
-            error_msg("Path '%s' isn't problem directory", dirname);
a60cd7
-            return 404; /* Not Found */
a60cd7
-        }
a60cd7
-        error_msg("Problem directory '%s' can't be accessed by user with uid %ld", dirname, (long)client_uid);
a60cd7
-        return 403; /* Forbidden */
a60cd7
-    }
a60cd7
 
a60cd7
     int child_stdout_fd;
a60cd7
     int child_pid = spawn_event_handler_child(dirname, "post-create", &child_stdout_fd);
a60cd7
@@ -741,14 +731,21 @@ static int perform_http_xact(void)
a60cd7
     /* Body received, EOF was seen. Don't let alarm to interrupt after this. */
a60cd7
     alarm(0);
a60cd7
 
a60cd7
+    int ret = 0;
a60cd7
     if (url_type == CREATION_NOTIFICATION)
a60cd7
     {
a60cd7
+        if (client_uid != 0)
a60cd7
+        {
a60cd7
+            error_msg("UID=%ld is not authorized to trigger post-create processing", (long)client_uid);
a60cd7
+            ret = 403; /* Forbidden */
a60cd7
+            goto out;
a60cd7
+        }
a60cd7
+
a60cd7
         messagebuf_data[messagebuf_len] = '\0';
a60cd7
         return run_post_create(messagebuf_data);
a60cd7
     }
a60cd7
 
a60cd7
     /* Save problem dir */
a60cd7
-    int ret = 0;
a60cd7
     unsigned pid = convert_pid(problem_info);
a60cd7
     die_if_data_is_missing(problem_info);
a60cd7
 
a60cd7
-- 
a60cd7
1.8.3.1
a60cd7