From 57bc5697db222c96cb3adbee635f072abeeff6ad Mon Sep 17 00:00:00 2001 From: Jakub Filak Date: Wed, 30 Sep 2015 14:14:31 +0200 Subject: [PATCH] abrtd: switch owner of the dump location to 'root' Additional hardening suggested by Florian Weimer Related to CVE-2015-5287 Related: #1262252 Signed-off-by: Jakub Filak --- src/daemon/abrtd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/daemon/abrtd.c b/src/daemon/abrtd.c index b1252d2..b79e940 100644 --- a/src/daemon/abrtd.c +++ b/src/daemon/abrtd.c @@ -164,7 +164,7 @@ static void sanitize_dump_dir_rights(void) * us with thousands of bogus or malicious dumps */ /* 07000 bits are setuid, setgit, and sticky, and they must be unset */ /* 00777 bits are usual "rwxrwxrwx" access rights */ - ensure_writable_dir(g_settings_dump_location, 0755, "abrt"); + ensure_writable_dir_group(g_settings_dump_location, 0751, "root", "abrt"); /* temp dir */ ensure_writable_dir(VAR_RUN"/abrt", 0755, "root"); } -- 1.8.3.1