Skip to content

Commit 80408e9

Browse files
author
Jakub Filak
committed
ccpp: fix symlink race conditions
Fix copy & chown race conditions Related: #1211835 Signed-off-by: Jakub Filak <jfilak@redhat.com>
1 parent fdf9368 commit 80408e9

File tree

1 file changed

+16
-11
lines changed

1 file changed

+16
-11
lines changed

Diff for: src/hooks/abrt-hook-ccpp.c

+16-11
Original file line numberDiff line numberDiff line change
@@ -397,7 +397,7 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
397397
return user_core_fd;
398398
}
399399

400-
static bool dump_fd_info(const char *dest_filename, char *source_filename, int source_base_ofs)
400+
static bool dump_fd_info(const char *dest_filename, char *source_filename, int source_base_ofs, uid_t uid, gid_t gid)
401401
{
402402
FILE *fp = fopen(dest_filename, "w");
403403
if (!fp)
@@ -429,6 +429,16 @@ static bool dump_fd_info(const char *dest_filename, char *source_filename, int s
429429
}
430430
fclose(in);
431431
}
432+
433+
const int dest_fd = fileno(fp);
434+
if (fchown(dest_fd, uid, gid) < 0)
435+
{
436+
perror_msg("Can't change '%s' ownership to %lu:%lu", dest_filename, (long)uid, (long)gid);
437+
fclose(fp);
438+
unlink(dest_filename);
439+
return false;
440+
}
441+
432442
fclose(fp);
433443
return true;
434444
}
@@ -678,27 +688,22 @@ int main(int argc, char** argv)
678688

679689
// Disabled for now: /proc/PID/smaps tends to be BIG,
680690
// and not much more informative than /proc/PID/maps:
681-
//copy_file(source_filename, dest_filename, 0640);
682-
//chown(dest_filename, dd->dd_uid, dd->dd_gid);
691+
//copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
683692

684693
strcpy(source_filename + source_base_ofs, "maps");
685694
strcpy(dest_base, FILENAME_MAPS);
686-
copy_file(source_filename, dest_filename, DEFAULT_DUMP_DIR_MODE);
687-
IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));
695+
copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
688696

689697
strcpy(source_filename + source_base_ofs, "limits");
690698
strcpy(dest_base, FILENAME_LIMITS);
691-
copy_file(source_filename, dest_filename, DEFAULT_DUMP_DIR_MODE);
692-
IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));
699+
copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
693700

694701
strcpy(source_filename + source_base_ofs, "cgroup");
695702
strcpy(dest_base, FILENAME_CGROUP);
696-
copy_file(source_filename, dest_filename, DEFAULT_DUMP_DIR_MODE);
697-
IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));
703+
copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
698704

699705
strcpy(dest_base, FILENAME_OPEN_FDS);
700-
if (dump_fd_info(dest_filename, source_filename, source_base_ofs))
701-
IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));
706+
dump_fd_info(dest_filename, source_filename, source_base_ofs, dd->dd_uid, dd->dd_gid);
702707

703708
free(dest_filename);
704709

0 commit comments

Comments
 (0)