From 821d8fc6d0e3bc596dd2f1c72296efe5dce33b45 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Tue, 15 Mar 2011 16:46:53 +0100
Subject: gui-wizard-gtk: sanitize file mode/uid/gid after event run

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
---
 src/lib/dump_dir.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/dump_dir.c b/src/lib/dump_dir.c
index d0b1d478..fefec608 100644
--- a/src/lib/dump_dir.c
+++ b/src/lib/dump_dir.c
@@ -491,6 +491,53 @@ void dd_create_basic_files(struct dump_dir *dd, uid_t uid)
     free(release);
 }
 
+void dd_sanitize_mode_and_owner(struct dump_dir *dd)
+{
+    /* Don't sanitize if we aren't run under root:
+     * we assume that during file creation (by whatever means,
+     * even by "hostname >file" in abrt_event.conf)
+     * normal umask-based mode setting takes care of correct mode,
+     * and uid:gid is, of course, set to user's uid and gid.
+     *
+     * For root operating on /var/spool/abrt/USERS_PROBLEM, this isn't true:
+     * "hostname >file", for example, would create file OWNED BY ROOT!
+     * This routine resets mode and uid:gid for all such files.
+     */
+    if (dd->dd_uid == (uid_t)-1)
+        return;
+
+    if (!dd->locked)
+        error_msg_and_die("dump_dir is not opened"); /* bug */
+
+    DIR *d = opendir(dd->dd_dirname);
+    if (!d)
+        return;
+
+    struct dirent *dent;
+    while ((dent = readdir(d)) != NULL)
+    {
+        if (dent->d_name[0] == '.') /* ".lock", ".", ".."? skip */
+            continue;
+        char *full_path = concat_path_file(dd->dd_dirname, dent->d_name);
+        struct stat statbuf;
+        if (lstat(full_path, &statbuf) == 0 && S_ISREG(statbuf.st_mode))
+        {
+            if ((statbuf.st_mode & 0777) != 0640)
+                chmod(full_path, 0640);
+            if (statbuf.st_uid != dd->dd_uid || statbuf.st_gid != dd->dd_gid)
+            {
+                if (chown(full_path, dd->dd_uid, dd->dd_gid) != 0)
+                {
+                    perror_msg("can't change '%s' ownership to %lu:%lu", full_path,
+                               (long)dd->dd_uid, (long)dd->dd_gid);
+                }
+            }
+        }
+        free(full_path);
+    }
+    closedir(d);
+}
+
 static int delete_file_dir(const char *dir, bool skip_lock_file)
 {
     DIR *d = opendir(dir);
@@ -615,7 +662,7 @@ static char *load_text_file(const char *path, unsigned flags)
 
 static bool save_binary_file(const char *path, const char* data, unsigned size, uid_t uid, gid_t gid)
 {
-    /* "Why 0640?!" See ::Create() for security analysis */
+    /* "Why 0640?!" See dd_create() for security analysis */
     unlink(path);
     int fd = open(path, O_WRONLY | O_TRUNC | O_CREAT, 0640);
     if (fd < 0)
-- 
cgit