Permalink
Show file tree
Hide file tree
106 changes: 84 additions & 22 deletions
106
src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
a-a-i-d-t-a-cache: sanitize arguments
Parse command lines arguments and use them to create new arguments for exec(). No black listing algorithm would be safe enough. The only allowed arguments are the following: * v - verbose * y - noninteractive * repo - enable only repositories whose names match the pattern * exact - download packages for the specified files * ids - passed as magic proc fd path to the wrapped executable The wrapper opens the list of needed build ids passes /proc/self/fd/[fd] to the wrapped process. This allows us to open the file with caller's UID/GID in order to avoid information disclosures. Forbidden arguments: * cache - allows regular users to create a user writable dump directory * tmpdir - the same as above * size_mb - no need to allow users to fiddle with the cache size Related: #1216962 Signed-off-by: Jakub Filak <jfilak@redhat.com>
- Loading branch information
Jakub Filak
committed
May 4, 2015
1 parent
f3c2a6a
commit 9943a77
Showing
2 changed files
with
85 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters