diff --git a/SOURCES/0002-targetclid.sock-change-SocketMode-to-0600.patch b/SOURCES/0002-targetclid.sock-change-SocketMode-to-0600.patch new file mode 100644 index 0000000..86c6be0 --- /dev/null +++ b/SOURCES/0002-targetclid.sock-change-SocketMode-to-0600.patch @@ -0,0 +1,33 @@ +From 6e4f39357a90a914d11bac21cc2d2b52c07c213d Mon Sep 17 00:00:00 2001 +From: Prasanna Kumar Kalever +Date: Thu, 26 Mar 2020 17:18:47 +0530 +Subject: [PATCH] targetclid.sock: change SocketMode to 0600 + +SocketMode= +If listening on a file system socket or FIFO, this option specifies the +file system access mode used when creating the file node. Takes an +access mode in octal notation. Defaults to 0666. + +Thanks Alex Murray[@alexmurray], for reporting. + +Fixes: #162 +Signed-off-by: Prasanna Kumar Kalever +--- + systemd/targetclid.socket | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/systemd/targetclid.socket b/systemd/targetclid.socket +index 4730fce..ba29ebb 100644 +--- a/systemd/targetclid.socket ++++ b/systemd/targetclid.socket +@@ -4,6 +4,7 @@ Documentation=man:targetclid(8) + + [Socket] + ListenStream=/var/run/targetclid.sock ++SocketMode=0600 + + [Install] + WantedBy=sockets.target +-- +2.21.0 + diff --git a/SPECS/targetcli.spec b/SPECS/targetcli.spec index 0cc1197..14c9153 100644 --- a/SPECS/targetcli.spec +++ b/SPECS/targetcli.spec @@ -5,10 +5,11 @@ License: ASL 2.0 Group: System Environment/Libraries Summary: An administration shell for storage targets Version: 2.1.51 -Release: 1%{?dist} +Release: 4%{?dist} URL: https://fedorahosted.org/targetcli-fb/ Source: https://fedorahosted.org/released/targetcli-fb/%{oname}-%{version}.tar.gz Patch0: 0001-setup.py-add-the-socket-and-service-files-to-the-dat.patch +Patch1: 0002-targetclid.sock-change-SocketMode-to-0600.patch BuildArch: noarch BuildRequires: python3-devel, python3-setuptools Requires: python3-rtslib, target-restore, python3-configshell, python3-six, python3-dbus, python3-gobject-base @@ -23,6 +24,7 @@ users will also need to install and use fcoe-utils. %prep %setup -q -n %{oname}-%{version} %patch0 -p1 +%patch1 -p1 %build %{__python3} setup.py build @@ -33,6 +35,7 @@ gzip --stdout targetclid.8 > targetclid.8.gz mkdir -p %{buildroot}%{_unitdir} %{__python3} setup.py install --skip-build --root %{buildroot} mkdir -p %{buildroot}%{_sysconfdir}/target/backup +mkdir -p %{buildroot}%{_sysconfdir}/target/pr mkdir -p %{buildroot}%{_mandir}/man8/ install -m 644 targetcli.8.gz %{buildroot}%{_mandir}/man8/ install -m 644 targetclid.8.gz %{buildroot}%{_mandir}/man8/ @@ -43,6 +46,7 @@ install -m 644 targetclid.8.gz %{buildroot}%{_mandir}/man8/ %{_bindir}/targetclid %dir %{_sysconfdir}/target %dir %{_sysconfdir}/target/backup +%dir %{_sysconfdir}/target/pr %doc COPYING README.md %{_mandir}/man8/targetcli.8.gz %{_mandir}/man8/targetclid.8.gz @@ -50,6 +54,15 @@ install -m 644 targetclid.8.gz %{buildroot}%{_mandir}/man8/ %{_usr}/lib/systemd/system/targetclid.socket %changelog +* Tue Apr 14 2020 Maurizio Lombardi - 2.1.51-4 +- Increase the release version + +* Wed Apr 01 2020 Maurizio Lombardi - 2.1.51-3 +- targetclid.sock allows unprivileged user to execute commands + +* Fri Dec 06 2019 Maurizio Lombardi - 2.1.51-2 +- Create the target/pr directory when installing the package + * Mon Nov 18 2019 Maurizio Lombardi - 2.1.51-1 - Update to new upstream release