author | Ondrej Kos <okos@redhat.com> | 2013-02-07 11:26:45 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-02-11 15:45:10 +0100 |
commit | f03094b1950325fd0d7f59fd626ac3d34ce56731 (patch) | |
tree | 47394c47c630e054ad5a41ffb10f212b862de4ac /src/tests | |
parent | 075df914c0355e1dcafad1a128877be11241725c (diff) | |
TOOLS: Use file descriptor to avoid races when creating a home directory
When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard
links.
This security problem was assigned CVE-2013-0219
https://fedorahosted.org/sssd/ticket/1782
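
The descriptor-based creation order that the commit title refers to, as an added C example; it is not SSSD's code, and `make_home_fd`, the `.profile` file and its contents are assumptions made for illustration:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not SSSD's copy_tree(): create `name` under parent_fd,
 * populate it through a directory fd, and hand it to uid/gid as the last step. */
int make_home_fd(int parent_fd, const char *name, mode_t mode,
                 uid_t uid, gid_t gid)
{
    static const char rc[] = "# constructed sample skeleton file\n";
    int dfd, ffd, ret = 0;

    /* Created 0700 and still owned by the creator: the future owner
     * cannot modify the tree while it is being filled. */
    if (mkdirat(parent_fd, name, S_IRWXU) != 0) return errno;
    /* O_NOFOLLOW: fail if the name was replaced by a symlink meanwhile. */
    dfd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd == -1) return errno;

    /* Populate relative to dfd instead of re-resolving a path string;
     * O_EXCL | O_NOFOLLOW refuses pre-existing files and links. */
    ffd = openat(dfd, ".profile",
                 O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (ffd == -1) { ret = errno; goto out; }
    if (write(ffd, rc, sizeof(rc) - 1) != (ssize_t)(sizeof(rc) - 1)) ret = EIO;
    /* Ownership and mode are applied to the open inode, not to a name. */
    else if (fchown(ffd, uid, gid) != 0 || fchmod(ffd, 0600) != 0) ret = errno;
    close(ffd);
    /* Only a fully populated directory changes owner and gets its final mode. */
    if (ret == 0 && (fchown(dfd, uid, gid) != 0 || fchmod(dfd, mode) != 0))
        ret = errno;
out:
    close(dfd);
    return ret;
}

int main(void)
{
    /* Constructed demo: creates ./demo_home owned by the calling user. */
    return make_home_fd(AT_FDCWD, "demo_home", 0700, getuid(), getgid());
}
```
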
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/files-tests.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/tests/files-tests.c b/src/tests/files-tests.c index 7f6b41ed1..2fe0b2d11 100644 --- a/src/tests/files-tests.c +++ b/src/tests/files-tests.c @@ -183,7 +183,7 @@ START_TEST(test_simple_copy) /* and finally copy.. */ DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path)); - ret = copy_tree(dir_path, dst_path, uid, gid); + ret = copy_tree(dir_path, dst_path, 0700, uid, gid); fail_unless(ret == EOK, "copy_tree failed\n"); /* check if really copied */ @@ -225,7 +225,7 @@ START_TEST(test_copy_symlink) /* and finally copy.. */ DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path)); - ret = copy_tree(dir_path, dst_path, uid, gid); + ret = copy_tree(dir_path, dst_path, 0700, uid, gid); fail_unless(ret == EOK, "copy_tree failed\n"); /* check if really copied */ @@ -264,7 +264,7 @@ START_TEST(test_copy_node) /* and finally copy.. */ DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path)); - ret = copy_tree(dir_path, dst_path, uid, gid); + ret = copy_tree(dir_path, dst_path, 0700, uid, gid); fail_unless(ret == EOK, "copy_tree failed\n"); /* check if really copied */ |
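
Review bot: In all three hunks (test_simple_copy, test_copy_symlink, test_copy_node) the new mode argument is passed to copy_tree as the literal 0700, but the assertion that follows still only checks ret == EOK, so nothing visible here verifies that dst_path ends up with that mode. Consider a stat of dst_path after the copy with a fail_unless on its permission bits, and a named constant for the mode so the three call sites stay in sync. The diffstat shows only these three changed lines under src/tests, so a test that covers the hard-link case described in the commit message would be worth adding alongside them.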