From 292fb47cb67837bc203c3038f75968a978440be7 Mon Sep 17 00:00:00 2001
From: Jiri Moskovcak <jmoskovc@redhat.com>
Date: Mon, 21 Feb 2011 18:39:48 +0100
Subject: run abrt-action-install-debuginfo.py using trivial sgid wrapper

Signed-off-by: Jiri Moskovcak <jmoskovc@redhat.com>
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
---
 src/daemon/Daemon.cpp      |  2 +-
 src/daemon/abrt_event.conf | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

(limited to 'src/daemon')

diff --git a/src/daemon/Daemon.cpp b/src/daemon/Daemon.cpp
index ca9cf0c5..f791fb38 100644
--- a/src/daemon/Daemon.cpp
+++ b/src/daemon/Daemon.cpp
@@ -515,7 +515,7 @@ static void sanitize_dump_dir_rights()
     /* 00777 bits are usual "rwxrwxrwx" access rights */
     ensure_writable_dir(DEBUG_DUMPS_DIR, 0755, "abrt");
     /* debuginfo cache */
-    ensure_writable_dir(DEBUG_INFO_DIR, 0755, "root");
+    ensure_writable_dir(DEBUG_INFO_DIR, 0775, "abrt");
     /* temp dir */
     ensure_writable_dir(VAR_RUN"/abrt", 0755, "root");
 }
diff --git a/src/daemon/abrt_event.conf b/src/daemon/abrt_event.conf
index 8c040c9c..0c94341f 100644
--- a/src/daemon/abrt_event.conf
+++ b/src/daemon/abrt_event.conf
@@ -68,18 +68,26 @@ EVENT=post-create analyzer=Kerneloops   abrt-action-analyze-oops
 
 #TODO: implement this (or add this functionality to abrt-action-install-debuginfo):
 #EVENT=analyze analyzer=CCpp backtrace=  trim-debuginfo-cache /var/cache/abrt-di 4096m
+
 # Additional directories to search for debuginfos can be specified
 # in the third argument (its format is CACHEDIR[:DEBUGINFODIR...]).
 # For example, you can specify a network-mounted shared store
 # of all debuginfos this way.
+
+# FIXME!!! this is a sgid binary. It must not be possible to pass names
+# of writable directories as parameters, otherwise any user will be able
+# to write into them by calling abrt-action-install-debuginfo
+# with specially-crafted params!
+
 EVENT=analyze analyzer=CCpp backtrace=
-	abrt-action-install-debuginfo.py --core="$DUMP_DIR/coredump" --tmpdir="/var/run/abrt/$$-$RANDOM" --cache=/var/cache/abrt-di
+	abrt-action-install-debuginfo --core="$DUMP_DIR/coredump" --tmpdir="/tmp/$$-$RANDOM" --cache=/var/cache/abrt-di
+
 EVENT=analyze analyzer=CCpp backtrace=   abrt-action-generate-backtrace
 
 # Same as "analyze", but executed when user requests "refresh" in GUI
 #EVENT=reanalyze analyzer=CCpp  trim-debuginfo-cache /var/cache/abrt-di 4096m
 EVENT=reanalyze analyzer=CCpp
-	abrt-action-install-debuginfo.py --core="$DUMP_DIR/coredump" --tmpdir="/var/run/abrt/$$-$RANDOM" --cache=/var/cache/abrt-di
+	abrt-action-install-debuginfo --core="$DUMP_DIR/coredump" --tmpdir="/tmp/$$-$RANDOM" --cache=/var/cache/abrt-di
 EVENT=reanalyze analyzer=CCpp  abrt-action-generate-backtrace
 
 EVENT=report          analyzer=Kerneloops  abrt-action-kerneloops
-- 
cgit