Skip to content
Permalink
Browse files

ccpp: fix symlink race conditions

Fix copy & chown race conditions

Related: #1211835

Signed-off-by: Jakub Filak <jfilak@redhat.com>
  • Loading branch information...
Jakub Filak
Jakub Filak committed Apr 15, 2015
1 parent fdf9368 commit 80408e9e24a1c10f85fd969e1853e0f192157f92
Showing with 16 additions and 11 deletions.
  1. +16 −11 src/hooks/abrt-hook-ccpp.c
@@ -397,7 +397,7 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
return user_core_fd; return user_core_fd;
} }


static bool dump_fd_info(const char *dest_filename, char *source_filename, int source_base_ofs) static bool dump_fd_info(const char *dest_filename, char *source_filename, int source_base_ofs, uid_t uid, gid_t gid)
{ {
FILE *fp = fopen(dest_filename, "w"); FILE *fp = fopen(dest_filename, "w");
if (!fp) if (!fp)
@@ -429,6 +429,16 @@ static bool dump_fd_info(const char *dest_filename, char *source_filename, int s
} }
fclose(in); fclose(in);
} }

const int dest_fd = fileno(fp);
if (fchown(dest_fd, uid, gid) < 0)
{
perror_msg("Can't change '%s' ownership to %lu:%lu", dest_filename, (long)uid, (long)gid);
fclose(fp);
unlink(dest_filename);
return false;
}

fclose(fp); fclose(fp);
return true; return true;
} }
@@ -678,27 +688,22 @@ int main(int argc, char** argv)


// Disabled for now: /proc/PID/smaps tends to be BIG, // Disabled for now: /proc/PID/smaps tends to be BIG,
// and not much more informative than /proc/PID/maps: // and not much more informative than /proc/PID/maps:
//copy_file(source_filename, dest_filename, 0640); //copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
//chown(dest_filename, dd->dd_uid, dd->dd_gid);


strcpy(source_filename + source_base_ofs, "maps"); strcpy(source_filename + source_base_ofs, "maps");
strcpy(dest_base, FILENAME_MAPS); strcpy(dest_base, FILENAME_MAPS);
copy_file(source_filename, dest_filename, DEFAULT_DUMP_DIR_MODE); copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));


strcpy(source_filename + source_base_ofs, "limits"); strcpy(source_filename + source_base_ofs, "limits");
strcpy(dest_base, FILENAME_LIMITS); strcpy(dest_base, FILENAME_LIMITS);
copy_file(source_filename, dest_filename, DEFAULT_DUMP_DIR_MODE); copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));


strcpy(source_filename + source_base_ofs, "cgroup"); strcpy(source_filename + source_base_ofs, "cgroup");
strcpy(dest_base, FILENAME_CGROUP); strcpy(dest_base, FILENAME_CGROUP);
copy_file(source_filename, dest_filename, DEFAULT_DUMP_DIR_MODE); copy_file_ext(source_filename, dest_filename, 0640, dd->dd_uid, dd->dd_gid, O_RDONLY, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));


strcpy(dest_base, FILENAME_OPEN_FDS); strcpy(dest_base, FILENAME_OPEN_FDS);
if (dump_fd_info(dest_filename, source_filename, source_base_ofs)) dump_fd_info(dest_filename, source_filename, source_base_ofs, dd->dd_uid, dd->dd_gid);
IGNORE_RESULT(chown(dest_filename, dd->dd_uid, dd->dd_gid));


free(dest_filename); free(dest_filename);


0 comments on commit 80408e9

Please sign in to comment.
You can’t perform that action at this time.