Blame SOURCES/0093-ccpp-postpone-changing-ownership-of-new-dump-directo.patch

From a4794b39efc62c9ba92b38b419de3babbbcd8cfb Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 15:27:09 +0200
Subject: [ABRT PATCH] ccpp: postpone changing ownership of new dump
 directories
Florian Weimer <fweimer@redhat.com>:
    Currently, dd_create changes ownership of the directory immediately,
    when it is still empty. This means that any operations within the
    directory (which happen as the root user) can race with changes to
    the directory contents by the user. If you delay changing directory
    ownership until all the files have been created and written, this is no
    longer a problem.
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
 src/hooks/abrt-hook-ccpp.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index ece1ece..7e05aa6 100644
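--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -672,8 +672,12 @@ int main(int argc, char** argv)
 
     /* use fsuid instead of uid, so we don't expose any sensitive
      * information of suided app in /var/tmp/abrt
+     *
+     * dd_create_skeleton() creates a new directory and leaves ownership to
+     * the current user, hence, we have to call dd_reset_ownership() after the
+     * directory is populated.
      */
-    dd = dd_create(path, fsuid, DEFAULT_DUMP_DIR_MODE);
+    dd = dd_create_skeleton(path, fsuid, DEFAULT_DUMP_DIR_MODE);
     if (dd)
     {
         char *rootdir = get_rootdir(pid);
@@ -831,6 +835,9 @@ int main(int argc, char** argv)
         }
 #endif
 
+        /* And finally set the right uid and gid */
+        dd_reset_ownership(dd);
+
         /* We close dumpdir before we start catering for crash storm case.
          * Otherwise, delete_dump_dir's from other concurrent
          * CCpp's won't be able to delete our dump (their delete_dump_dir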
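Review bot: The result of `dd_reset_ownership(dd)` in the second hunk is discarded, so a failed ownership change would go unhandled and leave the finished dump directory owned by the hook's own user (root, per the commit message) instead of the crashing process's fsuid. Assuming the function reports failure through its return value (its prototype is not visible here), I would check it, for example `if (dd_reset_ownership(dd) != 0) error_msg("Can't reset ownership of '%s'", path);`. The body of the `if (dd)` block between `dd_create_skeleton()` and this call lies outside both hunks, so it is worth confirming that no early exit in that range skips the reset. The comment could also state the ordering rule the fix depends on, e.g. `/* Hand the directory to fsuid only now: nothing below may write into it as root */`.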
-- 
1.8.3.1