abrt-action-install-debuginfo: disallow overriding paths to writable dirs

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
author: Denys Vlasenko <dvlasenk@redhat.com> 2011-02-22 05:09:13 +0100
committer: Denys Vlasenko <dvlasenk@redhat.com> 2011-02-22 05:09:13 +0100
commit: 20a9c4ddff4e597bc67f6cc232890ea946b38692 (patch)
tree: d57f93f61e703dab499303e56be57ba490332217 /src
parent: e69d06fe2be6ccf4c06ab5b76aac9838ab2dc2f9 (diff)
download: abrt-20a9c4ddff4e597bc67f6cc232890ea946b38692.tar.gz
abrt-20a9c4ddff4e597bc67f6cc232890ea946b38692.tar.xz
abrt-20a9c4ddff4e597bc67f6cc232890ea946b38692.zip
3 files changed, 38 insertions, 25 deletions
diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf
index 0c94341f..22a22bdc 100644
--- a/src/daemon/abrt_event.conf
+++ b/src/daemon/abrt_event.conf
@@ -67,27 +67,16 @@ EVENT=post-create analyzer=Kerneloops   abrt-action-analyze-oops
         } 2>/dev/null
 
 #TODO: implement this (or add this functionality to abrt-action-install-debuginfo):
-#EVENT=analyze analyzer=CCpp backtrace=  trim-debuginfo-cache /var/cache/abrt-di 4096m
+#EVENT=analyze analyzer=CCpp backtrace=     trim-debuginfo-cache /var/cache/abrt-di 4096m
 
-# Additional directories to search for debuginfos can be specified
-# in the third argument (its format is CACHEDIR[:DEBUGINFODIR...]).
-# For example, you can specify a network-mounted shared store
-# of all debuginfos this way.
-
-# FIXME!!! this is a sgid binary. It must not be possible to pass names
-# of writable directories as parameters, otherwise any user will be able
-# to write into them by calling abrt-action-install-debuginfo
-# with specially-crafted params!
-
-EVENT=analyze analyzer=CCpp backtrace=
-	abrt-action-install-debuginfo --core="$DUMP_DIR/coredump" --tmpdir="/tmp/$$-$RANDOM" --cache=/var/cache/abrt-di
-
-EVENT=analyze analyzer=CCpp backtrace=   abrt-action-generate-backtrace
+#TODO: can we still specify additional directories to search for debuginfos,
+# or was this ability lost with move to python installer?
+EVENT=analyze analyzer=CCpp backtrace=     abrt-action-install-debuginfo --core="$DUMP_DIR/coredump"
+EVENT=analyze analyzer=CCpp backtrace=     abrt-action-generate-backtrace
 
 # Same as "analyze", but executed when user requests "refresh" in GUI
 #EVENT=reanalyze analyzer=CCpp  trim-debuginfo-cache /var/cache/abrt-di 4096m
-EVENT=reanalyze analyzer=CCpp
-	abrt-action-install-debuginfo --core="$DUMP_DIR/coredump" --tmpdir="/tmp/$$-$RANDOM" --cache=/var/cache/abrt-di
+EVENT=reanalyze analyzer=CCpp  abrt-action-install-debuginfo --core="$DUMP_DIR/coredump"
 EVENT=reanalyze analyzer=CCpp  abrt-action-generate-backtrace
 
 EVENT=report          analyzer=Kerneloops  abrt-action-kerneloops
diff --git a/src/plugins/abrt-action-install-debuginfo.c b/src/plugins/abrt-action-install-debuginfo.c
index dc7eed79..39915e59 100644
--- a/src/plugins/abrt-action-install-debuginfo.c
+++ b/src/plugins/abrt-action-install-debuginfo.c
@@ -3,6 +3,20 @@
 
 #define EXECUTABLE "abrt-action-install-debuginfo.py"
 
+static void error_msg_and_die(const char *msg, const char *arg)
+{
+    write(2, msg, strlen(msg));
+    if (arg)
+    {
+        write(2, " '", 2);
+        write(2, msg, strlen(msg));
+        write(2, "'", 1);
+    }
+    write(2, "\n", 1);
+    exit(1);
+}
+
+
 /* A binary wrapper is needed around python scripts if we want
  * to run them in sgid/suid mode.
  *
@@ -10,7 +24,20 @@
  */
 int main(int argc, char **argv)
 {
+    /*
+     * We disallow passing of arguments which point to writable dirs.
+     * This way, the script will always use default arguments.
+     */
+    char **pp = argv;
+    char *arg;
+    while ((arg = *++pp) != NULL)
+    {
+        if (strncmp(arg, "--cache", 7) == 0)
+            error_msg_and_die("bad option", arg);
+        if (strncmp(arg, "--tmpdir", 8) == 0)
+            error_msg_and_die("bad option", arg);
+    }
+
     execvp(EXECUTABLE, argv);
-    write(2, "Can't execute "EXECUTABLE"\n", strlen("Can't execute "EXECUTABLE"\n"));
-    return 1;
+    error_msg_and_die("Can't execute", EXECUTABLE);
 }
diff --git a/src/plugins/abrt-action-install-debuginfo.py b/src/plugins/abrt-action-install-debuginfo.py
index 535796e6..72f56a9d 100755
--- a/src/plugins/abrt-action-install-debuginfo.py
+++ b/src/plugins/abrt-action-install-debuginfo.py
@@ -6,6 +6,7 @@
 from subprocess import Popen, PIPE
 import sys
 import os
+import time
 import getopt
 import shutil
 from yum import _, YumBase
@@ -447,13 +448,9 @@ if __name__ == "__main__":
         print help_text
         exit(RETURN_FAILURE)
     if not cachedir:
-        print _("You have to specify the path to cache.")
-        print help_text
-        exit(RETURN_FAILURE)
+        cachedir = "/var/cache/abrt-di"
     if not tmpdir:
-        print _("You have to specify the path to tmpdir.")
-        print help_text
-        exit(RETURN_FAILURE)
+        tmpdir = "/var/run/abrt/install-debuginfo-%s.%u" % (time.strftime("%Y-%m-%d-%H:%M:%S"), os.getpid())
 
     b_ids = extract_info_from_core(core)
     if b_ids == RETURN_FAILURE:
author	Denys Vlasenko <dvlasenk@redhat.com>	2011-02-22 05:09:13 +0100
committer	Denys Vlasenko <dvlasenk@redhat.com>	2011-02-22 05:09:13 +0100
commit	20a9c4ddff4e597bc67f6cc232890ea946b38692 (patch)
tree	d57f93f61e703dab499303e56be57ba490332217 /src
parent	e69d06fe2be6ccf4c06ab5b76aac9838ab2dc2f9 (diff)
download	abrt-20a9c4ddff4e597bc67f6cc232890ea946b38692.tar.gz abrt-20a9c4ddff4e597bc67f6cc232890ea946b38692.tar.xz abrt-20a9c4ddff4e597bc67f6cc232890ea946b38692.zip