From 95064291fe13d4ed98e195946d931fe779f8a48f Mon Sep 17 00:00:00 2001

From: Joy Latten <jmlatten@linux.vnet.ibm.com>

Date: Fri, 17 Jan 2014 10:33:19 -0600

Subject: [PATCH] Problem: A regular user in pkcs11 group cannot issue pkcsconf

 -t. When shm_open() creates shared memory object, it honors umask of the

 caller. This patch ensures the shared memory has expected permissions when it

 is created.

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>

Signed-off-by: Dan Horák <dan@danny.cz>

---

 usr/lib/pkcs11/common/shared_memory.c | 27 ++++++++++++++++++++++-----

 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/usr/lib/pkcs11/common/shared_memory.c b/usr/lib/pkcs11/common/shared_memory.c

index a8710c5..bf0411d 100644

--- a/usr/lib/pkcs11/common/shared_memory.c

+++ b/usr/lib/pkcs11/common/shared_memory.c

@@ -161,12 +161,29 @@ sm_open(const char *sm_name, int mode, void **p_addr, size_t len, int force)

 		goto done;

 	}

-	fd = shm_open(name, O_RDWR | O_CREAT, mode);

+	/* try and open first... */

+	fd = shm_open(name, O_RDWR, mode);

 	if (fd < 0) {

-		rc = -errno;

-		SYS_ERROR(errno, "Failed to open shared memory \"%s\".\n",

-				name);

-		goto done;

+		/* maybe it needs to be created ... */

+		fd = shm_open(name, O_RDWR | O_CREAT, mode);

+		if (fd < 0) {

+			rc = -errno;

+			SYS_ERROR(errno,

+				  "Failed to open shared memory \"%s\".\n",

+				  name);

+			goto done;

+		} else {

+			/* umask may have altered permissions if we created

+			 * the shared memory in above call, so set proper

+			 * permissions just in case.

+			 */

+			if (fchmod(fd, mode) == -1) {

+				rc = -errno;

+				SYS_ERROR(errno, "fchmod(%s): %s\n",

+						name, strerror(errno));

+				goto done;

+			}

+		}

 	}

 	/*

-- 

1.8.1.4