Blame SOURCES/0183-abrtd-switch-owner-of-the-dump-location-to-root.patch

a60cd7
From 57bc5697db222c96cb3adbee635f072abeeff6ad Mon Sep 17 00:00:00 2001
a60cd7
From: Jakub Filak <jfilak@redhat.com>
a60cd7
Date: Wed, 30 Sep 2015 14:14:31 +0200
a60cd7
Subject: [PATCH] abrtd: switch owner of the dump location to 'root'
a60cd7
a60cd7
Additional hardening suggested by Florian Weimer <fweimer@redhat.com>
a60cd7
a60cd7
Related to CVE-2015-5287
a60cd7
Related: #1262252
a60cd7
a60cd7
Signed-off-by: Jakub Filak <jfilak@redhat.com>
a60cd7
---
a60cd7
 src/daemon/abrtd.c | 2 +-
a60cd7
 1 file changed, 1 insertion(+), 1 deletion(-)
a60cd7
a60cd7
diff --git a/src/daemon/abrtd.c b/src/daemon/abrtd.c
a60cd7
index b1252d2..b79e940 100644
a60cd7
--- a/src/daemon/abrtd.c
a60cd7
+++ b/src/daemon/abrtd.c
a60cd7
@@ -164,7 +164,7 @@ static void sanitize_dump_dir_rights(void)
a60cd7
      * us with thousands of bogus or malicious dumps */
a60cd7
     /* 07000 bits are setuid, setgit, and sticky, and they must be unset */
a60cd7
     /* 00777 bits are usual "rwxrwxrwx" access rights */
a60cd7
-    ensure_writable_dir(g_settings_dump_location, 0755, "abrt");
a60cd7
+    ensure_writable_dir_group(g_settings_dump_location, 0751, "root", "abrt");
a60cd7
     /* temp dir */
a60cd7
     ensure_writable_dir(VAR_RUN"/abrt", 0755, "root");
a60cd7
 }
a60cd7
-- 
a60cd7
1.8.3.1
a60cd7