From 4c0369c679535a2dd5a02e2c6527139582ac3c8b Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Sun, 20 Jan 2013 20:27:05 +0100
Subject: TOOLS: Use file descriptor to avoid races when creating a home directory When creating a home directory, the destination tree can be modified in various ways while it is being constructed because directory permissions are set before populating the directory. This can lead to file creation and permission changes outside the target directory tree, using hard links. This security problem was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782
---
 src/tests/files-tests.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src/tests')
diff --git a/src/tests/files-tests.c b/src/tests/files-tests.c
index cb20e1aae..06aa59670 100644
--- a/src/tests/files-tests.c
+++ b/src/tests/files-tests.c
@@ -183,7 +183,7 @@ START_TEST(test_simple_copy)
 /* and finally copy.. */
 DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path));
- ret = copy_tree(dir_path, dst_path, uid, gid);
+ ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
 fail_unless(ret == EOK, "copy_tree failed\n");
 /* check if really copied */
@@ -225,7 +225,7 @@ START_TEST(test_copy_symlink)
 /* and finally copy.. */
 DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path));
- ret = copy_tree(dir_path, dst_path, uid, gid);
+ ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
 fail_unless(ret == EOK, "copy_tree failed\n");
 /* check if really copied */
@@ -264,7 +264,7 @@ START_TEST(test_copy_node)
 /* and finally copy.. */
 DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path));
- ret = copy_tree(dir_path, dst_path, uid, gid);
+ ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
 fail_unless(ret == EOK, "copy_tree failed\n");
 /* check if really copied */
-- cgit
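Review bot: The new third argument to `copy_tree` is passed as a literal `0700` in `test_simple_copy` (and identically in `test_copy_symlink` and `test_copy_node`), but none of the visible hunks checks that the destination ends up with that mode, so the permission handling that this CVE-2013-0219 fix is about stays untested in this file. Assuming the argument is the mode of the destination root (the prototype is not on this page), a check after the existing `fail_unless(ret == EOK, ...)` such as `fail_unless(stat(dst_path, &st) == 0 && (st.st_mode & 07777) == 0700, "unexpected mode on dst\n");` would pin it. A negative case in which `dst_path` already exists before the call would also be worth adding, if `copy_tree` is meant to refuse that. All three test bodies start and end outside their hunks, so whether a `struct stat` is already declared there needs confirming.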