Blame SOURCES/0009-vdagentd-Avoid-calling-chmod.patch

From dd46157d3faa95a12fc6f04cd2515f200e3ca465 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Thu, 24 Sep 2020 12:13:24 +0100
Subject: [PATCH vd_agent_linux 09/17] vdagentd: Avoid calling chmod
Create the socket with the right permissions using umask.
This also prevents possible symlink exploitation in case socket
path is not secure.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
 src/vdagentd/vdagentd.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
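--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -1211,7 +1211,9 @@ int main(int argc, char *argv[])
     /* systemd socket activation not enabled, create our own */
 #endif /* WITH_SYSTEMD_SOCKET_ACTIVATION */
     {
+        mode_t mode = umask(0111);
         udscs_server_listen_to_address(server, vdagentd_socket, &err;;
+        umask(mode);
     }
 
     if (err) {
@@ -1222,16 +1224,6 @@ int main(int argc, char *argv[])
         return 1;
     }
 
-    /* no need to set permissions on a socket that was provided by systemd */
-    if (own_socket) {
-        if (chmod(vdagentd_socket, 0666)) {
-            syslog(LOG_CRIT, "Fatal could not change permissions on %s: %m",
-                   vdagentd_socket);
-            udscs_destroy_server(server);
-            return 1;
-        }
-    }
-
 #ifdef WITH_STATIC_UINPUT
     uinput = vdagentd_uinput_create(uinput_device, 1024, 768, NULL, 0,
                                     debug > 1, uinput_fake);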
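Review bot: The added `umask(0111)` in the first hunk replaces the inherited mask rather than tightening it, so the socket always comes out as 0666 whatever umask the daemon was started with, and nothing in the new code records that this is intended now that the explicit `chmod(vdagentd_socket, 0666)` is gone. A comment above it, such as `/* create the socket world read/write (0666) atomically at bind time; umask is process-wide, so restore it right after */`, would state both the mode and the reason. Because the mask is per process, this is only safe if no other thread creates files during the call (likely true this early in main(), but worth confirming), and it is also worth checking whether `udscs_server_listen_to_address` creates anything besides the socket while the wider mask is in force. With the socket open to every local user, access control has to come from peer checks on accepted connections, which are not visible in this diff. main()'s body continues outside both hunks.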
-- 
2.26.2