-rw-r--r-- | abrt.spec | 8 | ||||
-rw-r--r-- | src/Daemon/Daemon.cpp | 36 | ||||
-rw-r--r-- | src/Hooks/Makefile.am | 4 | ||||
-rw-r--r-- | src/Hooks/abrt-pyhook-helper.cpp | 4 |
4 files changed, 27 insertions, 25 deletions
@@ -27,6 +27,7 @@ BuildRequires: polkit-devel BuildRequires: libzip-devel, libtar-devel, bzip2-devel, zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: %{name}-libs = %{version}-%{release} +Prereq: /usr/sbin/groupadd %description %{name} is a tool to help users to detect defects in applications and @@ -241,6 +242,9 @@ desktop-file-install \ %clean rm -rf $RPM_BUILD_ROOT +%pre +/usr/sbin/groupadd -f --system abrt + %post /sbin/chkconfig --add %{name}d @@ -267,7 +271,7 @@ fi %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %config(noreplace) %{_sysconfdir}/dbus-1/system.d/dbus-%{name}.conf %{_initrddir}/%{name}d -%dir /var/cache/%{name} +%dir %attr(1775, root, abrt) /var/cache/%{name} %dir /var/cache/%{name}-di %dir /var/run/%{name} %dir %{_sysconfdir}/%{name} @@ -377,7 +381,7 @@ fi %files addon-python %defattr(-,root,root,-) -%{_bindir}/%{name}-pyhook-helper +%attr(2755, root, abrt) %{_bindir}/%{name}-pyhook-helper %config(noreplace) %{_sysconfdir}/%{name}/pyhook.conf %{python_sitearch}/ABRTUtils.so %{_libdir}/%{name}/libPython.so* diff --git a/src/Daemon/Daemon.cpp b/src/Daemon/Daemon.cpp index 3ceab47c..53c44d3f 100644 --- a/src/Daemon/Daemon.cpp +++ b/src/Daemon/Daemon.cpp 
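Review bot: `Prereq:` in the first abrt.spec hunk is a deprecated RPM tag, and as far as I know current rpm treats it as a plain `Requires`, which does not guarantee ordering before the scriptlet. The dependency of the new `%pre` scriptlet on groupadd is better expressed as `Requires(pre): /usr/sbin/groupadd`. The `%attr(2755, root, abrt)` line in the last hunk would also benefit from a comment such as `# setgid abrt: lets the Python hook write dumps into /var/cache/abrt without root`, so that a later packager does not drop or widen the bit without knowing why it is there.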
@@ -658,29 +658,36 @@ static void start_syslog_logging() logmode = LOGMODE_SYSLOG; } -static void ensure_root_writable_dir(const char *dir) +static void ensure_writable_dir(const char *dir, mode_t mode, const char *group) { struct stat sb; - if (mkdir(dir, 0755) != 0 && errno != EEXIST) + if (mkdir(dir, mode) != 0 && errno != EEXIST) perror_msg_and_die("Can't create '%s'", dir); if (stat(dir, &sb) != 0 || !S_ISDIR(sb.st_mode)) error_msg_and_die("'%s' is not a directory", dir); - if ((sb.st_uid != 0 || sb.st_gid != 0) && chown(dir, 0, 0) != 0) + + struct group *gr = getgrnam(group); + if (!gr) + perror_msg_and_die("Can't find group '%s'", group); + + if ((sb.st_uid != 0 || sb.st_gid != gr->gr_gid) && chown(dir, 0, gr->gr_gid) != 0) perror_msg_and_die("Can't set owner 0:0 on '%s'", dir); - /* We can't allow anyone to create dumps: otherwise users can flood - * us with thousands of bogus or malicious dumps */ - /* 07000 bits are setuid, setgit, and sticky, and they must be unset */ - /* 00777 bits are usual "rwxrwxrwx" access rights */ - if ((sb.st_mode & 07777) != 0755 && chmod(dir, 0755) != 0) - perror_msg_and_die("Can't set mode rwxr-xr-x on '%s'", dir); + if ((sb.st_mode & 07777) != mode && chmod(dir, mode) != 0) + perror_msg_and_die("Can't set mode %o on '%s'", mode, dir); } static void sanitize_dump_dir_rights() { - ensure_root_writable_dir(DEBUG_DUMPS_DIR); - ensure_root_writable_dir(DEBUG_DUMPS_DIR"-di"); /* debuginfo cache */ - ensure_root_writable_dir(VAR_RUN"/abrt"); /* temp dir */ + /* We can't allow anyone to create dumps: otherwise users can flood + * us with thousands of bogus or malicious dumps */ + /* 07000 bits are setuid, setgit, and sticky, and they must be unset */ + /* 00777 bits are usual "rwxrwxrwx" access rights */ + ensure_writable_dir(DEBUG_DUMPS_DIR, 0775, "abrt"); + /* debuginfo cache */ + ensure_writable_dir(DEBUG_DUMPS_DIR"-di", 0755, "root"); + /* temp dir */ + ensure_writable_dir(VAR_RUN"/abrt", 0755, "root"); } int main(int argc, 
char** argv) @@ -794,11 +801,6 @@ int main(int argc, char** argv) pMainloop = g_main_loop_new(NULL, FALSE); /* Watching DEBUG_DUMPS_DIR for new files... */ VERB1 log("Initializing inotify"); -// Enabled again since we have new abrt-pyhook-helper, remove comment when verified to work - /* FIXME: python hook runs with ordinary user privileges, - * so it fails if everyone doesn't have write acces - * to DEBUG_DUMPS_DIR - */ sanitize_dump_dir_rights(); errno = 0; int inotify_fd = inotify_init(); diff --git a/src/Hooks/Makefile.am b/src/Hooks/Makefile.am index 4eb25e2d..e581c25b 100644 --- a/src/Hooks/Makefile.am +++ b/src/Hooks/Makefile.am @@ -57,7 +57,3 @@ abrt_exception_handler.py: # RPM fix: we need to regenerate abrt_exception_handler.py, because it has the default ddir install-data-local: sed s,@DEBUG_DUMP_DIR@,$(DEBUG_DUMPS_DIR),g abrt_exception_handler.py.in > abrt_exception_handler.py - -install-data-hook: - chmod u+s,g+s $(DESTDIR)$(bindir)/abrt-pyhook-helper - diff --git a/src/Hooks/abrt-pyhook-helper.cpp b/src/Hooks/abrt-pyhook-helper.cpp index 24f08d35..348fbc72 100644 --- a/src/Hooks/abrt-pyhook-helper.cpp +++ b/src/Hooks/abrt-pyhook-helper.cpp @@ -108,8 +108,8 @@ int main(int argc, char** argv) if (uuid) dd.SaveText("uuid", uuid); - char uid[16]; - snprintf(uid, 16, "%d", (int)getuid()); + char uid[sizeof(int) * 3 + 2]; + sprintf(uid, "%d", (int)getuid()); dd.SaveText("uid", uid); dd.SaveText("backtrace", bt); |
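Review bot: `ensure_writable_dir(DEBUG_DUMPS_DIR, 0775, "abrt")` enforces exactly 0775 through the `(sb.st_mode & 07777) != mode` check, so every daemon start strips the sticky bit that the spec hunk sets with `%attr(1775, root, abrt)` on /var/cache/%{name} (assuming DEBUG_DUMPS_DIR is that directory). Without the sticky bit, any process running with group abrt can rename or delete dump directories created for other users. Passing `01775` here, and rewording the moved comment that says the 07000 bits must be unset, would keep the package and the daemon in agreement. Two messages are also off: `"Can't set owner 0:0 on '%s'"` no longer matches `chown(dir, 0, gr->gr_gid)`, and `perror_msg_and_die` after `getgrnam` prints whatever errno was left behind (typically EEXIST from the preceding mkdir), since getgrnam need not set errno for a missing group. Setting `errno = 0;` before the lookup, or calling `error_msg_and_die` instead, avoids the misleading text.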
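Review bot: The switch from `snprintf` to `sprintf` in abrt-pyhook-helper.cpp drops the explicit bound on the write into `uid`, in a binary that the spec in this same commit installs setgid. The new `sizeof(int) * 3 + 2` buffer is large enough for any `int`, but correctness now rests on that arithmetic staying in step with the format string. `snprintf(uid, sizeof(uid), "%d", (int)getuid());` keeps both the computed size and the bound. Separately, the `(int)` cast prints UIDs above INT_MAX as negative numbers; whether readers of the saved `uid` item cope with that is not visible here. main's body starts and ends outside the hunk.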