|
 |
5f7b57 |
From e76a8655152129de09bd9521ade8158bb07cc8fe Mon Sep 17 00:00:00 2001
|
|
|
5f7b57 |
From: Jakub Filak <jfilak@redhat.com>
|
|
|
5f7b57 |
Date: Wed, 15 Apr 2015 17:41:49 +0200
|
|
|
5f7b57 |
Subject: [LIBREPORT PATCH] dump_dir: allow hooks to create dump directory
|
|
|
5f7b57 |
without parents
|
|
|
5f7b57 |
|
|
|
5f7b57 |
With a centralized model of handling problems like ABRT, there is a need
|
|
|
5f7b57 |
to ensure that every dump directory is a descendant of some central
|
|
|
5f7b57 |
directory (database). This commit together with other security commits
|
|
|
5f7b57 |
makes code of the tools creating the dump directories in the central
|
|
|
5f7b57 |
directory more robust by ensuring that no tool accidentally creates the
|
|
|
5f7b57 |
central directory and all tools creates exactly one directory.
|
|
|
5f7b57 |
|
|
|
5f7b57 |
Related: #1211835
|
|
|
5f7b57 |
|
|
|
5f7b57 |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
|
5f7b57 |
---
|
|
|
5f7b57 |
src/include/dump_dir.h | 4 +++-
|
|
|
5f7b57 |
src/lib/dump_dir.c | 12 +++++++++---
|
|
|
5f7b57 |
2 files changed, 12 insertions(+), 4 deletions(-)
|
|
|
5f7b57 |
|
|
|
5f7b57 |
diff --git a/src/include/dump_dir.h b/src/include/dump_dir.h
|
|
|
5f7b57 |
index 71cf66f..8f672d3 100644
|
|
|
5f7b57 |
--- a/src/include/dump_dir.h
|
|
|
5f7b57 |
+++ b/src/include/dump_dir.h
|
|
|
5f7b57 |
@@ -43,6 +43,8 @@ enum {
|
|
|
5f7b57 |
DD_OPEN_READONLY = (1 << 3),
|
|
|
5f7b57 |
DD_LOAD_TEXT_RETURN_NULL_ON_FAILURE = (1 << 4),
|
|
|
5f7b57 |
DD_DONT_WAIT_FOR_LOCK = (1 << 5),
|
|
|
5f7b57 |
+ /* Create the new dump directory with parent directories (mkdir -p)*/
|
|
|
5f7b57 |
+ DD_CREATE_PARENTS = (1 << 6),
|
|
|
5f7b57 |
};
|
|
|
5f7b57 |
|
|
|
5f7b57 |
struct dump_dir {
|
|
|
5f7b57 |
@@ -60,7 +62,7 @@ struct dump_dir {
|
|
|
5f7b57 |
void dd_close(struct dump_dir *dd);
|
|
|
5f7b57 |
|
|
|
5f7b57 |
struct dump_dir *dd_opendir(const char *dir, int flags);
|
|
|
5f7b57 |
-struct dump_dir *dd_create_skeleton(const char *dir, uid_t uid, mode_t mode);
|
|
|
5f7b57 |
+struct dump_dir *dd_create_skeleton(const char *dir, uid_t uid, mode_t mode, int flags);
|
|
|
5f7b57 |
int dd_reset_ownership(struct dump_dir *dd);
|
|
|
5f7b57 |
/* Pass uid = (uid_t)-1L to disable chown'ing of newly created files
|
|
|
5f7b57 |
* (IOW: if you aren't running under root):
|
|
|
5f7b57 |
diff --git a/src/lib/dump_dir.c b/src/lib/dump_dir.c
|
|
|
5f7b57 |
index fabad0b..2a65100 100644
|
|
|
5f7b57 |
--- a/src/lib/dump_dir.c
|
|
|
5f7b57 |
+++ b/src/lib/dump_dir.c
|
|
|
5f7b57 |
@@ -514,7 +514,7 @@ struct dump_dir *dd_opendir(const char *dir, int flags)
|
|
|
5f7b57 |
* this runs under 0:0
|
|
|
5f7b57 |
* - clients: setroubleshootd, abrt python
|
|
|
5f7b57 |
*/
|
|
|
5f7b57 |
-struct dump_dir *dd_create_skeleton(const char *dir, uid_t uid, mode_t mode)
|
|
|
5f7b57 |
+struct dump_dir *dd_create_skeleton(const char *dir, uid_t uid, mode_t mode, int flags)
|
|
|
5f7b57 |
{
|
|
|
5f7b57 |
/* a little trick to copy read bits from file mode to exec bit of dir mode*/
|
|
|
5f7b57 |
mode_t dir_mode = mode | ((mode & 0444) >> 2);
|
|
|
5f7b57 |
@@ -547,7 +547,13 @@ struct dump_dir *dd_create_skeleton(const char *dir, uid_t uid, mode_t mode)
|
|
|
5f7b57 |
* the user to replace any file in the directory, changing security-sensitive data
|
|
|
5f7b57 |
* (e.g. "uid", "analyzer", "executable")
|
|
|
5f7b57 |
*/
|
|
|
5f7b57 |
- if (g_mkdir_with_parents(dd->dd_dirname, dir_mode) != 0)
|
|
|
5f7b57 |
+ int r;
|
|
|
5f7b57 |
+ if ((flags & DD_CREATE_PARENTS))
|
|
|
5f7b57 |
+ r = g_mkdir_with_parents(dd->dd_dirname, dir_mode);
|
|
|
5f7b57 |
+ else
|
|
|
5f7b57 |
+ r = mkdir(dd->dd_dirname, dir_mode);
|
|
|
5f7b57 |
+
|
|
|
5f7b57 |
+ if (r != 0)
|
|
|
5f7b57 |
{
|
|
|
5f7b57 |
perror_msg("Can't create directory '%s'", dir);
|
|
|
5f7b57 |
dd_close(dd);
|
|
|
5f7b57 |
@@ -627,7 +633,7 @@ int dd_reset_ownership(struct dump_dir *dd)
|
|
|
5f7b57 |
*/
|
|
|
5f7b57 |
struct dump_dir *dd_create(const char *dir, uid_t uid, mode_t mode)
|
|
|
5f7b57 |
{
|
|
|
5f7b57 |
- struct dump_dir *dd = dd_create_skeleton(dir, uid, mode);
|
|
|
5f7b57 |
+ struct dump_dir *dd = dd_create_skeleton(dir, uid, mode, DD_CREATE_PARENTS);
|
|
|
5f7b57 |
if (dd == NULL)
|
|
|
5f7b57 |
return NULL;
|
|
|
5f7b57 |
|
|
|
5f7b57 |
--
|
|
|
5f7b57 |
1.8.3.1
|
|
|
5f7b57 |
|