arrfab / rpms / abrt

Forked from rpms/abrt 5 years ago
Clone
Blob Blame History Raw
From a4794b39efc62c9ba92b38b419de3babbbcd8cfb Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 15 Apr 2015 15:27:09 +0200
Subject: [ABRT PATCH] ccpp: postpone changing ownership of new dump
 directories

Florian Weimer <fweimer@redhat.com>:

    Currently, dd_create changes ownership of the directory immediately,
    when it is still empty. This means that any operations within the
    directory (which happen as the root user) can race with changes to
    the directory contents by the user. If you delay changing directory
    ownership until all the files have created and written, this is no
    longer a problem.

Related: #1211835

Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
 src/hooks/abrt-hook-ccpp.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index ece1ece..7e05aa6 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -672,8 +672,12 @@ int main(int argc, char** argv)
 
     /* use fsuid instead of uid, so we don't expose any sensitive
      * information of suided app in /var/tmp/abrt
+     *
+     * dd_create_skeleton() creates a new directory and leaves ownership to
+     * the current user, hence, we have to call dd_reset_ownership() after the
+     * directory is populated.
      */
-    dd = dd_create(path, fsuid, DEFAULT_DUMP_DIR_MODE);
+    dd = dd_create_skeleton(path, fsuid, DEFAULT_DUMP_DIR_MODE);
     if (dd)
     {
         char *rootdir = get_rootdir(pid);
@@ -831,6 +835,9 @@ int main(int argc, char** argv)
         }
 #endif
 
+        /* And finally set the right uid and gid */
+        dd_reset_ownership(dd);
+
         /* We close dumpdir before we start catering for crash storm case.
          * Otherwise, delete_dump_dir's from other concurrent
          * CCpp's won't be able to delete our dump (their delete_dump_dir
-- 
1.8.3.1