|
 |
1a0d93 |
From d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80 Mon Sep 17 00:00:00 2001
|
|
|
1a0d93 |
From: Ondrej Holy <oholy@redhat.com>
|
|
|
1a0d93 |
Date: Thu, 23 May 2019 10:33:30 +0200
|
|
|
1a0d93 |
Subject: [PATCH] admin: Use fsuid to ensure correct file ownership
|
|
|
1a0d93 |
|
|
|
1a0d93 |
Files created over admin backend should be owned by root, but they are
|
|
|
1a0d93 |
owned by the user itself. This is because the daemon drops the uid to
|
|
|
1a0d93 |
make dbus connection work. Use fsuid and euid to fix this issue.
|
|
|
1a0d93 |
|
|
|
1a0d93 |
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/21
|
|
|
1a0d93 |
---
|
|
|
1a0d93 |
daemon/gvfsbackendadmin.c | 29 +++++++----------------------
|
|
|
1a0d93 |
1 file changed, 7 insertions(+), 22 deletions(-)
|
|
|
1a0d93 |
|
|
|
1a0d93 |
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
|
|
|
1a0d93 |
index a74d09cf..32b51b1a 100644
|
|
|
1a0d93 |
--- a/daemon/gvfsbackendadmin.c
|
|
|
1a0d93 |
+++ b/daemon/gvfsbackendadmin.c
|
|
|
1a0d93 |
@@ -157,19 +157,6 @@ complete_job (GVfsJob *job,
|
|
|
1a0d93 |
g_vfs_job_succeeded (job);
|
|
|
1a0d93 |
}
|
|
|
1a0d93 |
|
|
|
1a0d93 |
-static void
|
|
|
1a0d93 |
-fix_file_info (GFileInfo *info)
|
|
|
1a0d93 |
-{
|
|
|
1a0d93 |
- /* Override read/write flags, since the above call will use access()
|
|
|
1a0d93 |
- * to determine permissions, which does not honor our privileged
|
|
|
1a0d93 |
- * capabilities.
|
|
|
1a0d93 |
- */
|
|
|
1a0d93 |
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
|
|
|
1a0d93 |
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
|
|
|
1a0d93 |
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
|
|
|
1a0d93 |
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
|
|
|
1a0d93 |
-}
|
|
|
1a0d93 |
-
|
|
|
1a0d93 |
static void
|
|
|
1a0d93 |
do_query_info (GVfsBackend *backend,
|
|
|
1a0d93 |
GVfsJobQueryInfo *query_info_job,
|
|
|
1a0d93 |
@@ -195,7 +182,6 @@ do_query_info (GVfsBackend *backend,
|
|
|
1a0d93 |
if (error != NULL)
|
|
|
1a0d93 |
goto out;
|
|
|
1a0d93 |
|
|
|
1a0d93 |
- fix_file_info (real_info);
|
|
|
1a0d93 |
g_file_info_copy_into (real_info, info);
|
|
|
1a0d93 |
g_object_unref (real_info);
|
|
|
1a0d93 |
|
|
|
1a0d93 |
@@ -220,7 +206,6 @@ do_query_info_on_read (GVfsBackend *backend,
|
|
|
1a0d93 |
if (error != NULL)
|
|
|
1a0d93 |
goto out;
|
|
|
1a0d93 |
|
|
|
1a0d93 |
- fix_file_info (real_info);
|
|
|
1a0d93 |
g_file_info_copy_into (real_info, info);
|
|
|
1a0d93 |
g_object_unref (real_info);
|
|
|
1a0d93 |
|
|
|
1a0d93 |
@@ -245,7 +230,6 @@ do_query_info_on_write (GVfsBackend *backend,
|
|
|
1a0d93 |
if (error != NULL)
|
|
|
1a0d93 |
goto out;
|
|
|
1a0d93 |
|
|
|
1a0d93 |
- fix_file_info (real_info);
|
|
|
1a0d93 |
g_file_info_copy_into (real_info, info);
|
|
|
1a0d93 |
g_object_unref (real_info);
|
|
|
1a0d93 |
|
|
|
1a0d93 |
@@ -977,14 +961,15 @@ acquire_caps (uid_t uid)
|
|
|
1a0d93 |
struct __user_cap_header_struct hdr;
|
|
|
1a0d93 |
struct __user_cap_data_struct data;
|
|
|
1a0d93 |
|
|
|
1a0d93 |
- /* Tell kernel not clear capabilities when dropping root */
|
|
|
1a0d93 |
- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
|
|
|
1a0d93 |
- g_error ("prctl(PR_SET_KEEPCAPS) failed");
|
|
|
1a0d93 |
-
|
|
|
1a0d93 |
- /* Drop root uid, but retain the required permitted caps */
|
|
|
1a0d93 |
- if (setuid (uid) < 0)
|
|
|
1a0d93 |
+ /* Set euid to user to make dbus work */
|
|
|
1a0d93 |
+ if (seteuid (uid) < 0)
|
|
|
1a0d93 |
g_error ("unable to drop privs");
|
|
|
1a0d93 |
|
|
|
1a0d93 |
+ /* Set fsuid to still behave like root when working with files */
|
|
|
1a0d93 |
+ setfsuid (0);
|
|
|
1a0d93 |
+ if (setfsuid (-1) != 0)
|
|
|
1a0d93 |
+ g_error ("setfsuid failed");
|
|
|
1a0d93 |
+
|
|
|
1a0d93 |
memset (&hdr, 0, sizeof(hdr));
|
|
|
1a0d93 |
hdr.version = _LINUX_CAPABILITY_VERSION;
|
|
|
1a0d93 |
|
|
|
1a0d93 |
--
|
|
|
1a0d93 |
2.23.0
|
|
|
1a0d93 |
|