authorKarel Klic <kklic@redhat.com>2009-12-14 17:20:03 +0100
committerKarel Klic <kklic@redhat.com>2009-12-14 17:20:03 +0100
commitb6fbdbdee4e4a78528d765bbf4ddb1087adce5f4 (patch)
tree6af427ef59b46a9c452c4f263908f27be9b20ce5 /src
parenta24d2906c51e3740e6e0acf8f0093827b4e35bc3 (diff)
parentfdce1d751b45bbd0210b45989f4f4c0e092683dc (diff)
Merge branch 'master' of git://git.fedorahosted.org/git/abrt
Diffstat (limited to 'src')
-rw-r--r--src/Daemon/Daemon.cpp9
-rw-r--r--src/Daemon/MiddleWare.cpp28
-rw-r--r--src/Daemon/RPM.cpp25
-rw-r--r--src/Daemon/RPM.h4
-rw-r--r--src/Daemon/abrt.conf3
-rw-r--r--src/Hooks/CCpp.cpp11
6 files changed, 40 insertions, 40 deletions
diff --git a/src/Daemon/Daemon.cpp b/src/Daemon/Daemon.cpp
index 3971a2cc..c6cae5de 100644
--- a/src/Daemon/Daemon.cpp
+++ b/src/Daemon/Daemon.cpp
@@ -623,14 +623,11 @@ static void run_main_loop(GMainLoop* loop)
static void start_syslog_logging()
{
/* Open stdin to /dev/null */
- close(STDIN_FILENO);
- xopen("/dev/null", O_RDWR);
+ xmove_fd(xopen("/dev/null", O_RDWR), STDIN_FILENO);
/* We must not leave fds 0,1,2 closed.
* Otherwise fprintf(stderr) dumps messages into random fds, etc. */
- close(STDOUT_FILENO);
- close(STDERR_FILENO);
- xdup(0);
- xdup(0);
+ xdup2(STDIN_FILENO, STDOUT_FILENO);
+ xdup2(STDIN_FILENO, STDERR_FILENO);
openlog("abrtd", 0, LOG_DAEMON);
logmode = LOGMODE_SYSLOG;
}
diff --git a/src/Daemon/MiddleWare.cpp b/src/Daemon/MiddleWare.cpp
index 5235c172..b597a411 100644
--- a/src/Daemon/MiddleWare.cpp
+++ b/src/Daemon/MiddleWare.cpp
@@ -575,29 +575,35 @@ static mw_result_t SavePackageDescriptionToDebugDump(const char *pExecutable,
}
else
{
- package = GetPackage(pExecutable);
+ char *rpm_pkg = GetPackage(pExecutable);
+ if (rpm_pkg == NULL)
+ {
+ log("Executable '%s' doesn't belong to any package", pExecutable);
+ return MW_PACKAGE_ERROR;
+ }
+
+ package = rpm_pkg;
packageName = package.substr(0, package.rfind("-", package.rfind("-") - 1));
- if (packageName == "" ||
- (g_setBlackList.find(packageName) != g_setBlackList.end()))
+ VERB2 log("Package:'%s' short:'%s'", rpm_pkg, packageName.c_str());
+ free(rpm_pkg);
+
+ if (g_setBlackList.find(packageName) != g_setBlackList.end())
{
- if (packageName == "")
- {
- error_msg("Executable doesn't belong to any package");
- return MW_PACKAGE_ERROR;
- }
- log("Blacklisted package");
+ log("Blacklisted package '%s'", packageName.c_str());
return MW_BLACKLISTED;
}
if (g_settings_bOpenGPGCheck)
{
if (!s_RPM.CheckFingerprint(packageName.c_str()))
{
- error_msg("package isn't signed with proper key");
+ log("Package '%s' isn't signed with proper key", packageName.c_str());
return MW_GPG_ERROR;
}
if (!CheckHash(packageName.c_str(), pExecutable))
{
- error_msg("executable has bad hash");
+ error_msg("Executable '%s' seems to be modified, "
+ "doesn't match one from package '%s'",
+ pExecutable, packageName.c_str());
return MW_GPG_ERROR;
}
}
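Review bot: Dropping the `packageName == ""` test leaves no guard for an empty short name, because the new code rejects only a NULL return from GetPackage(). An NEVR string that is empty or begins with '-' makes the `substr`/`rfind` line yield "", which then goes to the blacklist lookup and to `s_RPM.CheckFingerprint()`. How CheckFingerprint handles an empty name is not visible here, so I would keep the rejection explicit right after `free(rpm_pkg);`: `if (packageName.empty()) return MW_PACKAGE_ERROR;`. Separately, the unsigned-package failure now goes through `log()` while the modified-executable failure still uses `error_msg()`; if those differ in severity, both verification failures should be reported at the same level. SavePackageDescriptionToDebugDump starts and ends outside the hunk.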
diff --git a/src/Daemon/RPM.cpp b/src/Daemon/RPM.cpp
index b3cf2c1c..6f05c0b9 100644
--- a/src/Daemon/RPM.cpp
+++ b/src/Daemon/RPM.cpp
@@ -100,16 +100,12 @@ bool CheckHash(const char* pPackage, const char* pPath)
if (strcmp(pPath, rpmfiFN(fi)) == 0)
{
headerHash = rpmfiFDigestHex(fi, &hashAlgo);
+ rpmDoDigest(hashAlgo, pPath, 1, (unsigned char*) computedHash, NULL);
+ ret = (headerHash != "" && headerHash == computedHash);
+ break;
}
}
rpmfiFree(fi);
-
- rpmDoDigest(hashAlgo, pPath, 1, (unsigned char*) computedHash, NULL);
-
- if (headerHash != "" && headerHash == computedHash)
- {
- ret = true;
- }
}
rpmdbFreeIterator(iter);
rpmtsFree(ts);
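Review bot: The return value of `rpmDoDigest()` is ignored, so if the file at pPath cannot be read the comparison runs on whatever computedHash held before the call. The declaration of computedHash is outside the hunk, so it should be confirmed that it is zero-initialised and large enough for the hex digest of any `hashAlgo` the header can name. Gate the result on success: `ret = rpmDoDigest(hashAlgo, pPath, 1, (unsigned char*) computedHash, NULL) == 0 && headerHash != "" && headerHash == computedHash;`. If headerHash is a std::string, as the `!= ""` comparison suggests, the buffer returned by `rpmfiFDigestHex()` is never freed and a NULL return would be undefined behaviour; that line is unchanged context but sits on the same verification path.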
@@ -118,7 +114,7 @@ bool CheckHash(const char* pPackage, const char* pPath)
std::string GetDescription(const char* pPackage)
{
- std::string pDescription = "";
+ std::string pDescription;
rpmts ts = rpmtsCreate();
rpmdbMatchIterator iter = rpmtsInitIterator(ts, RPMTAG_NAME, pPackage, 0);
Header header = rpmdbNextIterator(iter);
@@ -139,7 +135,7 @@ std::string GetDescription(const char* pPackage)
std::string GetComponent(const char* pFileName)
{
- std::string ret = "";
+ std::string ret;
rpmts ts = rpmtsCreate();
rpmdbMatchIterator iter = rpmtsInitIterator(ts, RPMTAG_BASENAMES, pFileName, 0);
Header header = rpmdbNextIterator(iter);
@@ -161,20 +157,15 @@ std::string GetComponent(const char* pFileName)
return ret;
}
-std::string GetPackage(const char* pFileName)
+char* GetPackage(const char* pFileName)
{
- std::string ret = "";
+ char* ret = NULL;
rpmts ts = rpmtsCreate();
rpmdbMatchIterator iter = rpmtsInitIterator(ts, RPMTAG_BASENAMES, pFileName, 0);
Header header = rpmdbNextIterator(iter);
if (header != NULL)
{
- char* nerv = headerGetNEVR(header, NULL);
- if (nerv != NULL)
- {
- ret = nerv;
- free(nerv);
- }
+ ret = headerGetNEVR(header, NULL);
}
rpmdbFreeIterator(iter);
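Review bot: Changing the return type from std::string to char* does not break the build for any caller that still writes `std::string s = GetPackage(f);`, since char* converts implicitly. Such a caller would leak the malloc'ed NEVR and hit undefined behaviour when the file belongs to no package and NULL comes back. Only the MiddleWare.cpp caller is updated in this commit, so any remaining callers need the same NULL check and `free()`. A comment at the definition such as `/* Returns malloc'ed NEVR or NULL; caller must free() */` would make the ownership contract visible. The end of the function is outside the hunk.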
diff --git a/src/Daemon/RPM.h b/src/Daemon/RPM.h
index 67cd4a29..fed5e43d 100644
--- a/src/Daemon/RPM.h
+++ b/src/Daemon/RPM.h
@@ -82,9 +82,9 @@ std::string GetDescription(const char* pPackage);
* file. If the file doesn't belong to any package, empty string is
* returned.
* @param pFileName A file name.
- * @return A package name.
+ * @return A package name (malloced string)
*/
-std::string GetPackage(const char* pFileName);
+char* GetPackage(const char* pFileName);
/**
* Finds a main package for given file. This package contains particular
* file. If the file doesn't belong to any package, empty string is
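Review bot: The doc comment above `char* GetPackage(...)` still says "If the file doesn't belong to any package, empty string is returned", but the new implementation in RPM.cpp starts from `char* ret = NULL` and returns that when no header matches. A caller trusting the comment would dereference NULL. I would reword the description and the return line to `@return A malloc'ed package NEVR string that the caller must free(), or NULL if the file belongs to no package.`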
diff --git a/src/Daemon/abrt.conf b/src/Daemon/abrt.conf
index ee034a6c..0a5cdc40 100644
--- a/src/Daemon/abrt.conf
+++ b/src/Daemon/abrt.conf
@@ -4,7 +4,8 @@
[ Common ]
# With this option set to "yes",
# only crashes in signed packages will be analyzed.
-OpenGPGCheck = yes
+# uses prelink which can be dangerous, and it's disallowed by SELinux
+OpenGPGCheck = no
# GPG keys
OpenGPGPublicKeys = /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
# Blacklisted packages
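Review bot: The added comment line does not say what "uses prelink" refers to, nor what an administrator gives up with the new default. In this commit's MiddleWare.cpp, `g_settings_bOpenGPGCheck` gates both `CheckFingerprint()` and `CheckHash()`, so with `OpenGPGCheck = no` crashes from unsigned packages and from executables that no longer match their package are analysed like any other. If it is the hash check that invokes prelink, I would write `# Off by default: the executable hash check uses prelink, which can be dangerous and is disallowed by SELinux.` followed by `# With "no", neither package signatures nor executable hashes are verified.`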
diff --git a/src/Hooks/CCpp.cpp b/src/Hooks/CCpp.cpp
index fdb31a5c..fd789cfb 100644
--- a/src/Hooks/CCpp.cpp
+++ b/src/Hooks/CCpp.cpp
@@ -216,7 +216,7 @@ int main(int argc, char** argv)
/* not an error, exit silently */
return 0;
}
- if (pid <= 0 || uid < 0)
+ if (pid <= 0 || (int)uid < 0)
{
error_msg_and_die("pid '%s' or uid '%s' are bogus", argv[2], argv[4]);
}
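Review bot: The cast in `(int)uid < 0` has a security role that the code does not state and that a later cleanup could remove as a "pointless" cast. Assuming uid is an unsigned `uid_t` (its declaration is outside the hunk), the test is what rejects `(uid_t)-1`, the value `setreuid()` treats as "leave unchanged". That matters for the `xsetreuid(uid, uid)` call added further down in this commit, which would otherwise keep the hook's original ids. I would add a comment above the check: `/* uid is unsigned; the cast rejects (uid_t)-1, which setreuid() would treat as "no change" */`. main() starts and ends outside the hunk.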
@@ -450,9 +450,14 @@ int main(int argc, char** argv)
create_user_core:
/* Write a core file for user */
+ struct passwd* pw = getpwuid(uid);
+ gid_t gid = pw ? pw->pw_gid : uid;
+ setgroups(1, &gid);
+ xsetregid(gid, gid);
+ xsetreuid(uid, uid);
+
errno = 0;
- if (setuid(uid) != 0
- || user_pwd == NULL
+ if (user_pwd == NULL
|| chdir(user_pwd) != 0
) {
perror_msg_and_die("can't cd to %s", user_pwd);
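Review bot: The return value of `setgroups(1, &gid)` is not checked, unlike the `xsetregid`/`xsetreuid` calls after it (which, by their x- prefix, presumably die on failure). If it fails, the core file is written with the hook's original supplementary groups still in place. Use the same die-on-failure pattern: `if (setgroups(1, &gid) != 0) perror_msg_and_die("can't setgroups");`. The fallback `gid = uid` when `getpwuid()` finds no entry picks a group that merely shares its number with the uid; refusing to write the user core in that case would be the more conservative choice. main() starts and ends outside the hunk.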