basic: fix touch() creating files with 07777 mode

mode_t is unsigned, so MODE_INVALID < 0 can never be true.

This fixes a possible DoS where any user could fill /run by writing to
a world-writable /run/systemd/show-status.
1 parent 7d82cd4 commit 06eeacb6fe029804f296b065b3ce91e796e1cd0e @grawity grawity committed Jan 29, 2016
Showing with 2 additions and 1 deletion.
  1. +2 −1 src/basic/fs-util.c
@@ -341,7 +341,8 @@ int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gi
if (parents)
mkdir_parents(path, 0755);
- fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644);
+ fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY,
+ (mode == 0 || mode == MODE_INVALID) ? 0644 : mode);
if (fd < 0)
return -errno;
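Review bot: On the rewritten open() call, mode == 0 and mode == MODE_INVALID are both silently mapped to 0644, and nothing in the hunk documents that. A one-line comment above the call stating that both values mean "use the 0644 default" would keep a later cleanup from reintroducing a sign-based check like the removed `mode > 0`. Because the mode argument of open() only takes effect when O_CREAT actually creates the file, this line does not tighten a file that already exists with the wrong bits, so it is worth confirming that the rest of touch_file() or an upgrade step covers an existing path. The diffstat lists only src/basic/fs-util.c, so a test that calls touch_file() with MODE_INVALID and checks the resulting permission bits would guard against a regression.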
