author | Denys Vlasenko <vda.linux@googlemail.com> | 2009-10-30 11:12:44 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2009-10-30 11:12:44 +0100 |
commit | c67fbecc1958fdc47d9614e971c9936c446d911e (patch) | |
tree | 5c73f277474701dc09a9f632865d88f48d879ae7 /src/Daemon | |
parent | c485062110cda2a95db5b4699a92ae2ef315d4fb (diff) | |
reenable sanitization of /var/cache/abrt; create abrt-di (debuginfo cache) too
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'src/Daemon')
-rw-r--r-- | src/Daemon/Daemon.cpp | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/src/Daemon/Daemon.cpp b/src/Daemon/Daemon.cpp
index a6a4f93c..c33806bb 100644
--- a/src/Daemon/Daemon.cpp
+++ b/src/Daemon/Daemon.cpp
@@ -632,23 +632,28 @@ static void start_syslog_logging()
 logmode = LOGMODE_SYSLOG;
 }
-static void sanitize_dump_dir_rights()
+static void ensure_root_writable_dir(const char *dir)
 {
 struct stat sb;
- if (mkdir(DEBUG_DUMPS_DIR, 0755) != 0 && errno != EEXIST)
- perror_msg_and_die("Can't create '%s'", DEBUG_DUMPS_DIR);
- if (stat(DEBUG_DUMPS_DIR, &sb) != 0 || !S_ISDIR(sb.st_mode))
- error_msg_and_die("'%s' is not a directory", DEBUG_DUMPS_DIR);
-
- if (sb.st_uid != 0 || sb.st_gid != 0 || chown(DEBUG_DUMPS_DIR, 0, 0) != 0)
- perror_msg_and_die("Can't set owner 0:0 on '%s'", DEBUG_DUMPS_DIR);
+ if (mkdir(dir, 0755) != 0 && errno != EEXIST)
+ perror_msg_and_die("Can't create '%s'", dir);
+ if (stat(dir, &sb) != 0 || !S_ISDIR(sb.st_mode))
+ error_msg_and_die("'%s' is not a directory", dir);
+ if (sb.st_uid != 0 || sb.st_gid != 0 || chown(dir, 0, 0) != 0)
+ perror_msg_and_die("Can't set owner 0:0 on '%s'", dir);
 /* We can't allow anyone to create dumps: otherwise users can flood
 * us with thousands of bogus or malicious dumps */
 /* 07000 bits are setuid, setgit, and sticky, and they must be unset */
- /* 00777 bits are usual "rwx" access rights */
- if ((sb.st_mode & 07777) != 0755 && chmod(DEBUG_DUMPS_DIR, 0755) != 0)
- perror_msg_and_die("Can't set mode rwxr-xr-x on '%s'", DEBUG_DUMPS_DIR);
+ /* 00777 bits are usual "rwxrwxrwx" access rights */
+ if ((sb.st_mode & 07777) != 0755 && chmod(dir, 0755) != 0)
+ perror_msg_and_die("Can't set mode rwxr-xr-x on '%s'", dir);
+}
+
+static void sanitize_dump_dir_rights()
+{
+ ensure_root_writable_dir(DEBUG_DUMPS_DIR);
+ ensure_root_writable_dir(DEBUG_DUMPS_DIR"-di"); /* debuginfo cache */
 }
 int main(int argc, char** argv)
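Review bot: The ownership check in `ensure_root_writable_dir` joins all three terms with `||`, so a directory whose owner or group is not 0 makes the daemon die at once without `chown` ever being tried, and `perror_msg_and_die` then prints whatever `errno` was left by an earlier call. The mode check a few lines below already uses the repair-then-fail form, and the ownership line should match it: `if ((sb.st_uid != 0 || sb.st_gid != 0) && chown(dir, 0, 0) != 0)`. The condition is carried over unchanged from the removed lines, but the second hunk re-enables the call, so it now runs on every start. Separately, `stat`, `chown` and `chmod` all follow symlinks and act on a path rather than on one opened object. If a parent directory could ever be writable by a non-root user, `lstat`, or opening with `O_DIRECTORY | O_NOFOLLOW` and using `fchown`/`fchmod` on the descriptor, would close that gap.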
@@ -740,11 +745,12 @@ int main(int argc, char** argv)
 g_pMainloop = g_main_loop_new(NULL, FALSE);
 /* Watching DEBUG_DUMPS_DIR for new files... */
 VERB1 log("Initializing inotify");
- /*FIXME: python hook runs with ordinary user privileges,
- so it fails if everyone doesn't have write acces
- to DEBUG_DUMPS_DIR
- */
- //sanitize_dump_dir_rights();
+// Enabled again since we have new abrt-pyhook-helper, remove comment when verified to work
+ /* FIXME: python hook runs with ordinary user privileges,
+ * so it fails if everyone doesn't have write acces
+ * to DEBUG_DUMPS_DIR
+ */
+ sanitize_dump_dir_rights();
 errno = 0;
 int inotify_fd = inotify_init();
 if (inotify_fd == -1) |
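Review bot: The FIXME kept above the re-enabled `sanitize_dump_dir_rights();` call still says the python hook fails unless everyone can write to DEBUG_DUMPS_DIR, which is the opposite of what the call now enforces. The column-0 `// Enabled again ...` line is a reminder to the author rather than documentation. Once the helper path is verified, both would read better as one comment stating the invariant, for example `/* Dump dirs must be root:root, mode 0755; unprivileged hooks are expected to submit via abrt-pyhook-helper */`. Every failure path in the first hunk ends in a `*_msg_and_die` call, so from this commit on a mis-owned cache directory presumably stops startup before inotify is initialised, which is worth mentioning in that comment. `main` starts and ends outside this hunk.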