|
 |
4bc40d |
From 8a71a8694dfbb79db4c66ae116d2f325d292d541 Mon Sep 17 00:00:00 2001
|
|
|
4bc40d |
From: "Alexander E. Patrakov" <patrakov@gmail.com>
|
|
|
4bc40d |
Date: Sun, 20 Apr 2014 21:58:19 +0600
|
|
|
4bc40d |
Subject: [PATCH 3/3] core-util: Remove redundant check of directory
|
|
|
4bc40d |
permissions
|
|
|
4bc40d |
|
|
|
4bc40d |
Initially (in commit ef422fa4ae626e9638ca70d1c56f27e701dd69c2),
|
|
|
4bc40d |
pa_make_secure_dir followed a simple principle: "make a directory, or,
|
|
|
4bc40d |
if it exists, check that it is suitable". Later this evolved into "make
|
|
|
4bc40d |
a directory, or, if it exists, ensure that it is suitable". But the
|
|
|
4bc40d |
check remained.
|
|
|
4bc40d |
|
|
|
4bc40d |
The check is now neither sufficient nor necessary. On POSIX-compliant
|
|
|
4bc40d |
systems, the fstat results being checked are actually post-conditions of
|
|
|
4bc40d |
fchmod and fchown. And on systems implementing POSIX ACLs, fstat only
|
|
|
4bc40d |
reflects a part of the information relevant to the security of the
|
|
|
4bc40d |
directory permissions, so PulseAudio could accept an existing insecure
|
|
|
4bc40d |
directory anyway.
|
|
|
4bc40d |
|
|
|
4bc40d |
Also, the check still fires on non-POSIX-compliant filesystems like CIFS.
|
|
|
4bc40d |
As a user cannot do anything to fix it, just accept insecure permissions
|
|
|
4bc40d |
in this case.
|
|
|
4bc40d |
---
|
|
|
4bc40d |
src/pulsecore/core-util.c | 24 +++++-------------------
|
|
|
4bc40d |
1 file changed, 5 insertions(+), 19 deletions(-)
|
|
|
4bc40d |
|
|
|
4bc40d |
diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c
|
|
|
4bc40d |
index c8827ac..b72541c 100644
|
|
|
4bc40d |
--- a/src/pulsecore/core-util.c
|
|
|
4bc40d |
+++ b/src/pulsecore/core-util.c
|
|
|
4bc40d |
@@ -295,30 +295,16 @@ again:
|
|
|
4bc40d |
#endif
|
|
|
4bc40d |
|
|
|
4bc40d |
#ifdef HAVE_FCHMOD
|
|
|
4bc40d |
- (void) fchmod(fd, m);
|
|
|
4bc40d |
+ if (fchmod(fd, m) < 0) {
|
|
|
4bc40d |
+ pa_assert_se(pa_close(fd) >= 0);
|
|
|
4bc40d |
+ goto fail;
|
|
|
4bc40d |
+ };
|
|
|
4bc40d |
#endif
|
|
|
4bc40d |
|
|
|
4bc40d |
pa_assert_se(pa_close(fd) >= 0);
|
|
|
4bc40d |
}
|
|
|
4bc40d |
-#endif
|
|
|
4bc40d |
-
|
|
|
4bc40d |
-#ifdef HAVE_LSTAT
|
|
|
4bc40d |
- if (lstat(dir, &st) < 0)
|
|
|
4bc40d |
-#else
|
|
|
4bc40d |
- if (stat(dir, &st) < 0)
|
|
|
4bc40d |
-#endif
|
|
|
4bc40d |
- goto fail;
|
|
|
4bc40d |
-
|
|
|
4bc40d |
-#ifndef OS_IS_WIN32
|
|
|
4bc40d |
- if (!S_ISDIR(st.st_mode) ||
|
|
|
4bc40d |
- (st.st_uid != uid) ||
|
|
|
4bc40d |
- (st.st_gid != gid) ||
|
|
|
4bc40d |
- ((st.st_mode & 0777) != m)) {
|
|
|
4bc40d |
- errno = EACCES;
|
|
|
4bc40d |
- goto fail;
|
|
|
4bc40d |
- }
|
|
|
4bc40d |
#else
|
|
|
4bc40d |
- pa_log_warn("Secure directory creation not supported on Win32.");
|
|
|
4bc40d |
+ pa_log_warn("Secure directory creation not supported on this platform.");
|
|
|
4bc40d |
#endif
|
|
|
4bc40d |
|
|
|
4bc40d |
return 0;
|
|
|
4bc40d |
--
|
|
|
4bc40d |
1.9.3
|
|
|
4bc40d |
|