Diffstat (limited to 'src')
-rw-r--r-- | src/Daemon/Daemon.cpp | 9 | ||||
-rw-r--r-- | src/Daemon/MiddleWare.cpp | 28 | ||||
-rw-r--r-- | src/Daemon/RPM.cpp | 25 | ||||
-rw-r--r-- | src/Daemon/RPM.h | 4 | ||||
-rw-r--r-- | src/Daemon/abrt.conf | 3 | ||||
-rw-r--r-- | src/Hooks/CCpp.cpp | 11 |
6 files changed, 40 insertions, 40 deletions
diff --git a/src/Daemon/Daemon.cpp b/src/Daemon/Daemon.cpp
index 3971a2cc..c6cae5de 100644
--- a/src/Daemon/Daemon.cpp
+++ b/src/Daemon/Daemon.cpp
@@ -623,14 +623,11 @@ static void run_main_loop(GMainLoop* loop)
 static void start_syslog_logging()
 {
 /* Open stdin to /dev/null */
- close(STDIN_FILENO);
- xopen("/dev/null", O_RDWR);
+ xmove_fd(xopen("/dev/null", O_RDWR), STDIN_FILENO);
 /* We must not leave fds 0,1,2 closed.
 * Otherwise fprintf(stderr) dumps messages into random fds, etc. */
- close(STDOUT_FILENO);
- close(STDERR_FILENO);
- xdup(0);
- xdup(0);
+ xdup2(STDIN_FILENO, STDOUT_FILENO);
+ xdup2(STDIN_FILENO, STDERR_FILENO);
 openlog("abrtd", 0, LOG_DAEMON);
 logmode = LOGMODE_SYSLOG;
 }
diff --git a/src/Daemon/MiddleWare.cpp b/src/Daemon/MiddleWare.cpp
index 5235c172..b597a411 100644
--- a/src/Daemon/MiddleWare.cpp
+++ b/src/Daemon/MiddleWare.cpp
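Review bot: In start_syslog_logging() in Daemon.cpp, the new `xmove_fd(xopen("/dev/null", O_RDWR), STDIN_FILENO);` is only safe if xmove_fd returns early when source and target descriptors are equal, because xopen() hands back 0 whenever the daemon is started with fd 0 already closed. xmove_fd is defined outside this diff, so that guard should be confirmed there. A comment on the call such as `/* xopen may return 0 if stdin was closed; xmove_fd must be a no-op then */` would record the assumption for the next reader.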
@@ -575,29 +575,35 @@ static mw_result_t SavePackageDescriptionToDebugDump(const char *pExecutable,
 }
 else
 {
- package = GetPackage(pExecutable);
+ char *rpm_pkg = GetPackage(pExecutable);
+ if (rpm_pkg == NULL)
+ {
+ log("Executable '%s' doesn't belong to any package", pExecutable);
+ return MW_PACKAGE_ERROR;
+ }
+
+ package = rpm_pkg;
 packageName = package.substr(0, package.rfind("-", package.rfind("-") - 1));
- if (packageName == "" ||
- (g_setBlackList.find(packageName) != g_setBlackList.end()))
+ VERB2 log("Package:'%s' short:'%s'", rpm_pkg, packageName.c_str());
+ free(rpm_pkg);
+
+ if (g_setBlackList.find(packageName) != g_setBlackList.end())
 {
- if (packageName == "")
- {
- error_msg("Executable doesn't belong to any package");
- return MW_PACKAGE_ERROR;
- }
- log("Blacklisted package");
+ log("Blacklisted package '%s'", packageName.c_str());
 return MW_BLACKLISTED;
 }
 if (g_settings_bOpenGPGCheck)
 {
 if (!s_RPM.CheckFingerprint(packageName.c_str()))
 {
- error_msg("package isn't signed with proper key");
+ log("Package '%s' isn't signed with proper key", packageName.c_str());
 return MW_GPG_ERROR;
 }
 if (!CheckHash(packageName.c_str(), pExecutable))
 {
- error_msg("executable has bad hash");
+ error_msg("Executable '%s' seems to be modified, "
+ "doesn't match one from package '%s'",
+ pExecutable, packageName.c_str());
 return MW_GPG_ERROR;
 }
 }
diff --git a/src/Daemon/RPM.cpp b/src/Daemon/RPM.cpp
index b3cf2c1c..6f05c0b9 100644
--- a/src/Daemon/RPM.cpp
+++ b/src/Daemon/RPM.cpp
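Review bot: In the MiddleWare.cpp hunk, the signature-failure branch now reports through `log(...)` while the hash-mismatch branch just below it still uses `error_msg(...)`, although both return MW_GPG_ERROR. If the two helpers differ in severity or destination (their definitions are not visible here), a package signed with an unexpected key becomes the quieter of the two integrity failures. Keeping the same call for both, `error_msg("Package '%s' isn't signed with proper key", packageName.c_str());`, leaves them equally visible to whoever monitors the daemon's output. Separately, the hash check shares MW_GPG_ERROR with the signature check, so a caller cannot tell a modified executable from a wrongly signed package. SavePackageDescriptionToDebugDump begins and ends outside the hunk.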
@@ -100,16 +100,12 @@ bool CheckHash(const char* pPackage, const char* pPath)
 if (strcmp(pPath, rpmfiFN(fi)) == 0)
 {
 headerHash = rpmfiFDigestHex(fi, &hashAlgo);
+ rpmDoDigest(hashAlgo, pPath, 1, (unsigned char*) computedHash, NULL);
+ ret = (headerHash != "" && headerHash == computedHash);
+ break;
 }
 }
 rpmfiFree(fi);
-
- rpmDoDigest(hashAlgo, pPath, 1, (unsigned char*) computedHash, NULL);
-
- if (headerHash != "" && headerHash == computedHash)
- {
- ret = true;
- }
 }
 rpmdbFreeIterator(iter);
 rpmtsFree(ts);
@@ -118,7 +114,7 @@ bool CheckHash(const char* pPackage, const char* pPath)
 std::string GetDescription(const char* pPackage)
 {
- std::string pDescription = "";
+ std::string pDescription;
 rpmts ts = rpmtsCreate();
 rpmdbMatchIterator iter = rpmtsInitIterator(ts, RPMTAG_NAME, pPackage, 0);
 Header header = rpmdbNextIterator(iter);
@@ -139,7 +135,7 @@ std::string GetDescription(const char* pPackage)
 std::string GetComponent(const char* pFileName)
 {
- std::string ret = "";
+ std::string ret;
 rpmts ts = rpmtsCreate();
 rpmdbMatchIterator iter = rpmtsInitIterator(ts, RPMTAG_BASENAMES, pFileName, 0);
 Header header = rpmdbNextIterator(iter);
@@ -161,20 +157,15 @@ std::string GetComponent(const char* pFileName)
 return ret;
 }
-std::string GetPackage(const char* pFileName)
+char* GetPackage(const char* pFileName)
 {
- std::string ret = "";
+ char* ret = NULL;
 rpmts ts = rpmtsCreate();
 rpmdbMatchIterator iter = rpmtsInitIterator(ts, RPMTAG_BASENAMES, pFileName, 0);
 Header header = rpmdbNextIterator(iter);
 if (header != NULL)
 {
- char* nerv = headerGetNEVR(header, NULL);
- if (nerv != NULL)
- {
- ret = nerv;
- free(nerv);
- }
+ ret = headerGetNEVR(header, NULL);
 }
 rpmdbFreeIterator(iter);
diff --git a/src/Daemon/RPM.h b/src/Daemon/RPM.h
index 67cd4a29..fed5e43d 100644
--- a/src/Daemon/RPM.h
+++ b/src/Daemon/RPM.h
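Review bot: In the CheckHash hunk of RPM.cpp, the result of `rpmDoDigest(...)` is discarded, so when the file cannot be read the comparison runs against whatever computedHash held before the call. Gate the comparison on success: `if (rpmDoDigest(hashAlgo, pPath, 1, (unsigned char*) computedHash, NULL) == 0) ret = (headerHash != "" && headerHash == computedHash);`. computedHash is declared outside the hunk, so its size should also be confirmed against the longest hex digest the package database can report for hashAlgo, since the call writes the ASCII form into it. CheckHash starts and ends outside the hunk.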
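Review bot: Changing GetPackage in RPM.cpp to return `char*` does not break the build at call sites written for the old `std::string` return. `std::string p = GetPackage(f);` still compiles, leaks the malloc'ed NEVR string, and constructs a std::string from NULL when the file belongs to no package, which is undefined behaviour. Only the MiddleWare.cpp caller is updated in this diff; any other callers are not visible here and should be audited. The doc comment in the RPM.h hunk still says an empty string is returned for an unowned file, and should read along the lines of `@return malloc'ed NEVR string the caller must free(), or NULL if the file belongs to no package`. The function body continues past the end of the hunk.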
@@ -82,9 +82,9 @@ std::string GetDescription(const char* pPackage);
 * file. If the file doesn't belong to any package, empty string is
 * returned.
 * @param pFileName A file name.
- * @return A package name.
+ * @return A package name (malloced string)
 */
-std::string GetPackage(const char* pFileName);
+char* GetPackage(const char* pFileName);
 /**
 * Finds a main package for given file. This package contains particular
 * file. If the file doesn't belong to any package, empty string is
diff --git a/src/Daemon/abrt.conf b/src/Daemon/abrt.conf
index ee034a6c..0a5cdc40 100644
--- a/src/Daemon/abrt.conf
+++ b/src/Daemon/abrt.conf
@@ -4,7 +4,8 @@
 [ Common ]
 # With this option set to "yes",
 # only crashes in signed packages will be analyzed.
-OpenGPGCheck = yes
+# uses prelink which can be dangerous, and it's disallowed by SELinux
+OpenGPGCheck = no
 # GPG keys
 OpenGPGPublicKeys = /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
 # Blacklisted packages
diff --git a/src/Hooks/CCpp.cpp b/src/Hooks/CCpp.cpp
index fdb31a5c..fd789cfb 100644
--- a/src/Hooks/CCpp.cpp
+++ b/src/Hooks/CCpp.cpp
@@ -216,7 +216,7 @@ int main(int argc, char** argv)
 /* not an error, exit silently */
 return 0;
 }
- if (pid <= 0 || uid < 0)
+ if (pid <= 0 || (int)uid < 0)
 {
 error_msg_and_die("pid '%s' or uid '%s' are bogus", argv[2], argv[4]);
 }
@@ -450,9 +450,14 @@ int main(int argc, char** argv)
 create_user_core:
 /* Write a core file for user */
+ struct passwd* pw = getpwuid(uid);
+ gid_t gid = pw ? pw->pw_gid : uid;
+ setgroups(1, &gid);
+ xsetregid(gid, gid);
+ xsetreuid(uid, uid);
+
 errno = 0;
- if (setuid(uid) != 0
- || user_pwd == NULL
+ if (user_pwd == NULL
 || chdir(user_pwd) != 0
 ) {
 perror_msg_and_die("can't cd to %s", user_pwd); |
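Review bot: Flipping the shipped default to `OpenGPGCheck = no` in abrt.conf turns off more than the signature test. In the MiddleWare.cpp hunk of this commit both CheckFingerprint and CheckHash sit inside `if (g_settings_bOpenGPGCheck)`, so crashes from unsigned or locally modified executables are processed by default. The added comment does not say that, and it reads as a description of the option rather than the reason for the new default. A wording such as `# Default "no": the check uses prelink, which can be dangerous and is disallowed by SELinux. With "no", neither the package signature nor the executable's hash is verified.` would tell an administrator what is being traded.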
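Review bot: In the create_user_core block of CCpp.cpp, `setgroups(1, &gid);` is called without checking its result, unlike the x-prefixed calls after it, which by their naming presumably die on failure. If it fails, the process goes on to write the user's core file while still holding the supplementary groups it started with. Fail closed instead: `if (setgroups(1, &gid) != 0) perror_msg_and_die("can't setgroups");`. The fallback `gid = uid` when getpwuid() finds no entry is a guess, because a numeric uid need not name a group the user belongs to; it deserves a comment stating why it is acceptable, or the gid should be taken from the crashed process. main() starts and ends outside the hunk.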