Skip to content
Permalink
Browse files Browse the repository at this point in the history
daemon: allow only root user to trigger the post-create
There is no reason to allow non-root users to trigger this
functionality. Regular users can create abrt problems only through
abrtd or abrt-dbus and both triggers the post-create.

Other hooks run under root user (CCpp, Koops, VMCore, Xorg).

Related: #1212861

Signed-off-by: Jakub Filak <jfilak@redhat.com>
  • Loading branch information
Jakub Filak committed May 6, 2015
1 parent 10bea03 commit 3287aa1
Showing 1 changed file with 8 additions and 11 deletions.
19 changes: 8 additions & 11 deletions src/daemon/abrt-server.c
Expand Up @@ -178,16 +178,6 @@ static int run_post_create(const char *dirname)
return 403;
}
}
else if (!dump_dir_accessible_by_uid(dirname, client_uid))
{
if (errno == ENOTDIR)
{
error_msg("Path '%s' isn't problem directory", dirname);
return 404; /* Not Found */
}
error_msg("Problem directory '%s' can't be accessed by user with uid %ld", dirname, (long)client_uid);
return 403; /* Forbidden */
}

int child_stdout_fd;
int child_pid = spawn_event_handler_child(dirname, "post-create", &child_stdout_fd);
Expand Down Expand Up @@ -741,14 +731,21 @@ static int perform_http_xact(void)
/* Body received, EOF was seen. Don't let alarm to interrupt after this. */
alarm(0);

int ret = 0;
if (url_type == CREATION_NOTIFICATION)
{
if (client_uid != 0)
{
error_msg("UID=%ld is not authorized to trigger post-create processing", (long)client_uid);
ret = 403; /* Forbidden */
goto out;
}

messagebuf_data[messagebuf_len] = '\0';
return run_post_create(messagebuf_data);
}

/* Save problem dir */
int ret = 0;
unsigned pid = convert_pid(problem_info);
die_if_data_is_missing(problem_info);

Expand Down

0 comments on commit 3287aa1

Please sign in to comment.