From a4794b39efc62c9ba92b38b419de3babbbcd8cfb Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 15:27:09 +0200
Subject: [ABRT PATCH] ccpp: postpone changing ownership of new dump
directories
Florian Weimer <fweimer@redhat.com>:
Currently, dd_create changes ownership of the directory immediately,
when it is still empty. This means that any operations within the
directory (which happen as the root user) can race with changes to
the directory contents by the user. If you delay changing directory
ownership until all the files have been created and written, this is no
longer a problem.
Related: #1211835
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/hooks/abrt-hook-ccpp.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
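--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -672,8 +672,12 @@ int main(int argc, char** argv)
 
 /* use fsuid instead of uid, so we don't expose any sensitive
 * information of suided app in /var/tmp/abrt
+ *
+ * dd_create_skeleton() creates a new directory and leaves ownership to
+ * the current user, hence, we have to call dd_reset_ownership() after the
+ * directory is populated.
 */
- dd = dd_create(path, fsuid, DEFAULT_DUMP_DIR_MODE);
+ dd = dd_create_skeleton(path, fsuid, DEFAULT_DUMP_DIR_MODE);
 if (dd)
 {
 char *rootdir = get_rootdir(pid);
@@ -831,6 +835,9 @@ int main(int argc, char** argv)
 }
 #endif
 
+ /* And finally set the right uid and gid */
+ dd_reset_ownership(dd);
+
 /* We close dumpdir before we start catering for crash storm case.
 * Otherwise, delete_dump_dir's from other concurrent
 * CCpp's won't be able to delete our dump (their delete_dump_dir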
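Review bot: The result of `dd_reset_ownership(dd)` in the second hunk is discarded, so a failed ownership change would leave the populated dump directory owned by the user the hook runs as (root, per the commit message) instead of the crashing user, with nothing logged at this call site. Assuming the function reports failure through its return value (its declaration is not visible here), check it, e.g. `if (dd_reset_ownership(dd) != 0) error_msg("Can't change ownership of '%s'", path);`. The call sits in a block that opens outside the hunk, so confirm it is still under the `if (dd)` guard from the first hunk and that no early exit between `dd_create_skeleton()` and this point skips the hand-over. The added comment would also be more useful if it stated the reason for the delay, for instance `/* keep the directory owned by the hook's user while it is populated, so the crashing user cannot race with writes made as root */`.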
--
1.8.3.1