author | Jiri Moskovcak <jmoskovc@redhat.com> | 2011-02-21 18:39:48 +0100 |
---|---|---|
committer | Denys Vlasenko <dvlasenk@redhat.com> | 2011-02-21 18:39:48 +0100 |
commit | 292fb47cb67837bc203c3038f75968a978440be7 (patch) | |
tree | c6accb4d7adb365801b7f0c91e0b5a11067650ba /src/daemon | |
parent | 004882408d093d324cc712c1f45166427589eac5 (diff) | |
run abrt-action-install-debuginfo.py using trivial sgid wrapper
Signed-off-by: Jiri Moskovcak <jmoskovc@redhat.com>
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Diffstat (limited to 'src/daemon')
-rw-r--r-- | src/daemon/Daemon.cpp | 2 | ||||
-rw-r--r-- | src/daemon/abrt_event.conf | 12 |
2 files changed, 11 insertions, 3 deletions
diff --git a/src/daemon/Daemon.cpp b/src/daemon/Daemon.cpp
index ca9cf0c5..f791fb38 100644
--- a/src/daemon/Daemon.cpp
+++ b/src/daemon/Daemon.cpp
@@ -515,7 +515,7 @@ static void sanitize_dump_dir_rights()
 /* 00777 bits are usual "rwxrwxrwx" access rights */
 ensure_writable_dir(DEBUG_DUMPS_DIR, 0755, "abrt");
 /* debuginfo cache */
- ensure_writable_dir(DEBUG_INFO_DIR, 0755, "root");
+ ensure_writable_dir(DEBUG_INFO_DIR, 0775, "abrt");
 /* temp dir */
 ensure_writable_dir(VAR_RUN"/abrt", 0755, "root");
 }
diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf
index 8c040c9c..0c94341f 100644
--- a/src/daemon/abrt_event.conf
+++ b/src/daemon/abrt_event.conf
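Review bot: In src/daemon/Daemon.cpp, sanitize_dump_dir_rights() now makes DEBUG_INFO_DIR group-writable (0775) and hands it to "abrt", but the comment beside the call still says only `/* debuginfo cache */`, so the reason and the new trust boundary are undocumented. Assuming the third argument of ensure_writable_dir() selects the owning user and group, any process running with the abrt group, presumably including the sgid wrapper this commit introduces, can add or replace files in the cache that later backtrace generation reads. I would extend the comment to something like `/* debuginfo cache: group-writable so the sgid abrt-action-install-debuginfo wrapper can populate it; contents are only as trustworthy as that wrapper's argument checks */`. The function starts outside the hunk, and ensure_writable_dir() itself is not visible here.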
@@ -68,18 +68,26 @@ EVENT=post-create analyzer=Kerneloops abrt-action-analyze-oops #TODO: implement this (or add this functionality to abrt-action-install-debuginfo): #EVENT=analyze analyzer=CCpp backtrace= trim-debuginfo-cache /var/cache/abrt-di 4096m + # Additional directories to search for debuginfos can be specified # in the third argument (its format is CACHEDIR[:DEBUGINFODIR...]). # For example, you can specify a network-mounted shared store # of all debuginfos this way. + +# FIXME!!! this is a sgid binary. It must not be possible to pass names +# of writable directories as parameters, otherwise any user will be able +# to write into them by calling abrt-action-install-debuginfo +# with specially-crafted params! + EVENT=analyze analyzer=CCpp backtrace= - abrt-action-install-debuginfo.py --core="$DUMP_DIR/coredump" --tmpdir="/var/run/abrt/$$-$RANDOM" --cache=/var/cache/abrt-di + abrt-action-install-debuginfo --core="$DUMP_DIR/coredump" --tmpdir="/tmp/$$-$RANDOM" --cache=/var/cache/abrt-di + EVENT=analyze analyzer=CCpp backtrace= abrt-action-generate-backtrace # Same as "analyze", but executed when user requests "refresh" in GUI #EVENT=reanalyze analyzer=CCpp trim-debuginfo-cache /var/cache/abrt-di 4096m EVENT=reanalyze analyzer=CCpp - abrt-action-install-debuginfo.py --core="$DUMP_DIR/coredump" --tmpdir="/var/run/abrt/$$-$RANDOM" --cache=/var/cache/abrt-di + abrt-action-install-debuginfo --core="$DUMP_DIR/coredump" --tmpdir="/tmp/$$-$RANDOM" --cache=/var/cache/abrt-di EVENT=reanalyze analyzer=CCpp abrt-action-generate-backtrace EVENT=report analyzer=Kerneloops abrt-action-kerneloops |
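Review bot: Both changed command lines pass `--tmpdir="/tmp/$$-$RANDOM"`, which moves the scratch directory out of /var/run/abrt (kept at 0755 root in Daemon.cpp) into world-writable /tmp under a name made of the shell PID and `$RANDOM`, so the path is guessable and can already exist, or be a symlink, when the sgid helper reaches it. This is the same class of problem the new FIXME describes for caller-supplied directories, and it applies to the `analyze` and the `reanalyze` entries alike. The directory should be created atomically with an unpredictable name, e.g. `--tmpdir="$(mktemp -d /tmp/abrt-di.XXXXXX)"` if the event line is run by a shell, or by having the helper call mkdtemp() itself and refuse a path that already exists. The helper is not visible here, so whether it already rejects pre-existing directories needs confirming.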