Signed-off-by: Nikola Pajkovsky npajkovs@redhat.com --- src/daemon/abrtd.c | 19 ------------------- src/plugins/abrt-action-install-debuginfo.in | 11 +++++++++++ 2 files changed, 11 insertions(+), 19 deletions(-)
diff --git a/src/daemon/abrtd.c b/src/daemon/abrtd.c
index b6b06ee..bac8edf 100644
--- a/src/daemon/abrtd.c
+++ b/src/daemon/abrtd.c
@@ -575,25 +575,6 @@ static void start_syslog_logging()
 putenv((char*)"ABRT_SYSLOG=1");
 }
-static void ensure_writable_dir(const char *dir, mode_t mode, const char *user)
-{
- struct stat sb;
-
- if (mkdir(dir, mode) != 0 && errno != EEXIST)
- perror_msg_and_die("Can't create '%s'", dir);
- if (stat(dir, &sb) != 0 || !S_ISDIR(sb.st_mode))
- error_msg_and_die("'%s' is not a directory", dir);
-
- struct passwd *pw = getpwnam(user);
- if (!pw)
- perror_msg_and_die("Can't find user '%s'", user);
-
- if ((sb.st_uid != pw->pw_uid || sb.st_gid != pw->pw_gid) && chown(dir, pw->pw_uid, pw->pw_gid) != 0)
- perror_msg_and_die("Can't set owner %u:%u on '%s'", (unsigned int)pw->pw_uid, (unsigned int)pw->pw_gid, dir);
- if ((sb.st_mode & 07777) != mode && chmod(dir, mode) != 0)
- perror_msg_and_die("Can't set mode %o on '%s'", mode, dir);
-}
-
 static void sanitize_dump_dir_rights()
 {
 /* We can't allow everyone to create dumps: otherwise users can flood
diff --git a/src/plugins/abrt-action-install-debuginfo.in b/src/plugins/abrt-action-install-debuginfo.in
index 3e8a1c5..0ba844d 100644
--- a/src/plugins/abrt-action-install-debuginfo.in
+++ b/src/plugins/abrt-action-install-debuginfo.in
@@ -15,6 +15,7 @@ import reportclient
 from subprocess import Popen, PIPE
 from yum import _, YumBase
 from yum.callbacks import DownloadBaseCallback
+from ctypes import *
 # everything was ok
 RETURN_OK = 0
@@ -511,6 +512,16 @@ if __name__ == "__main__":
 if not b_ids:
 exit(RETURN_FAILURE)
+ # We can't allow everyone to create dumps: otherwise users can flood
+ # us with thousands of bogus or malicious dumps
+ # 07000 bits are setuid, setgit, and sticky, and they must be unset
+ # 00777 bits are usual "rwxrwxrwx" access rights
+
+ libreport = CDLL("libreport.so") # doctest: +LINUX
+ ensure_writable_dir = libreport.abrt_ensure_writable_dir
+ ensure_writable_dir(c_char_p(cachedirs[0]), 0755, "abrt")
+
+
 # Delete oldest/biggest files from cachedir.
 # (Note that we need to do it before we check for missing debuginfos)
 #
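Review bot: `CDLL("libreport.so")` loads the library by its bare, unversioned name through the loader's search path, and the call that follows creates and re-owns `cachedirs[0]` for user "abrt", which suggests (it is not visible in the hunk) that this code runs with elevated privileges; prefer the versioned soname or an absolute path. The foreign function is called without a prototype, so declare it before the call, e.g. `ensure_writable_dir.argtypes = [c_char_p, c_uint, c_char_p]` and `ensure_writable_dir.restype = None`, assuming it keeps the removed C signature and that `mode_t` is an unsigned int on the target. Where `cachedirs[0]` comes from is outside the hunk; if a caller can choose it, the path should be validated first, because if the library version matches the removed C code it runs `stat`, `chown` and `chmod` on the path and those follow symlinks. `abrt_ensure_writable_dir` is not defined anywhere in this patch, and the copied comment describes 07000/00777 bit checks that this call does not perform, so I would replace it with `# Make sure the cache dir exists, is owned by abrt and has mode 0755`. The wildcard `from ctypes import *` in this file's first hunk could name `CDLL, c_char_p` explicitly.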